diff --git a/.github/workflows/integrate.yml b/.github/workflows/check.yml similarity index 68% rename from .github/workflows/integrate.yml rename to .github/workflows/check.yml index 116dea8..7fb1030 100644 --- a/.github/workflows/integrate.yml +++ b/.github/workflows/check.yml @@ -1,40 +1,47 @@ -name: Integrate +--- +name: check on: push: branches: [ "**" ] paths: - - "emass/**" - - "tools/**" - - "agent/**" + - "backend/**" + - "fastmcp/**" - "frontend/**" - - "docs/**" jobs: - secrets: - name: Secrets Check + code-lint: + name: Code Lint Check runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + container: + - backend + - fastmcp + - frontend steps: - name: Clone the repository uses: actions/checkout@v4 - - name: Run Trufflehog - id: trufflehog - uses: trufflesecurity/trufflehog@main - continue-on-error: false + - name: Install Python + uses: actions/setup-python@v5 + with: + python-version: "3.12" + - name: Install Python dependencies + run: python -m pip install black + - name: Check code formatting + run: black --diff --color --check ${{ matrix.container }} - dockerfile: + dockerfile-link: name: Dockerfile Lint Check - needs: secrets runs-on: ubuntu-latest strategy: fail-fast: false matrix: container: - - emass - - tools - - agent/openai_gpt-4o + - backend + - fastmcp - frontend - - docs steps: - uses: actions/checkout@v4 - uses: hadolint/hadolint-action@v3.1.0 @@ -42,34 +49,37 @@ jobs: failure-threshold: error dockerfile: ${{ matrix.container }}/Dockerfile - qa: - name: Quality Assurance Check - needs: secrets + secrets: + name: Secrets Scan + runs-on: ubuntu-latest + steps: + - name: Clone the repository + uses: actions/checkout@v6 + - name: Run Trufflehog + id: trufflehog + uses: trufflesecurity/trufflehog@main + continue-on-error: false + + sast: + name: SAST Scan runs-on: ubuntu-latest strategy: fail-fast: false matrix: container: - - emass - - tools - - agent/openai_gpt-4o + - backend + - fastmcp - frontend - - docs + container: + image: semgrep/semgrep steps: - name: Clone the repository - uses: actions/checkout@v4 - - name: Install Python - uses: actions/setup-python@v5 - with: - python-version: "3.12" - - name: Install Python dependencies - run: python -m pip install black - - name: Check code formatting - run: black --diff --color --check ${{ matrix.container }} + uses: actions/checkout@v6 + - name: Run Semgrep + run: semgrep scan --config auto ${{ matrix.container }} sca: - name: Software Composition Analysis - needs: secrets + name: SBOM Scan runs-on: ubuntu-latest permissions: actions: read @@ -78,42 +88,19 @@ jobs: fail-fast: false matrix: container: - - emass - - tools - - agent/openai_gpt-4o + - backend + - fastmcp - frontend - - docs steps: - - uses: actions/checkout@v4 - - name: Generate an SBOM + - uses: actions/checkout@v6 + - name: Run Syft uses: anchore/sbom-action@v0 with: path: ${{ matrix.container }} output-file: sbom-${{ matrix.container }}.json artifact-name: sbom-${{ matrix.container }} - - name: Check for CVEs - uses: anchore/scan-action@v3 + - name: Run Grype + uses: anchore/scan-action@v7 with: sbom: sbom-${{ matrix.container }}.json severity-cutoff: high - - sast: - name: Static App Security Test - needs: secrets - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - container: - - emass - - tools - - agent/openai_gpt-4o - - frontend - - docs - container: - image: semgrep/semgrep - steps: - - name: Clone the repository - uses: actions/checkout@v4 - - name: Perform a SAST scan - run: semgrep scan --config auto ${{ matrix.container }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 84b9fad..cc82b04 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -3,7 +3,6 @@ name: Docs on: push: - branches: [ "**" ] paths: - "docs/**" @@ -13,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone the repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install Python uses: actions/setup-python@v5 with: diff --git a/Makefile b/Makefile index ab02702..cfcf539 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,7 @@ DOCKER_COMPOSE_PROFILE ?= all .SILENT: build build: - docker compose --profile $(DOCKER_COMPOSE_PROFILE) build + docker compose --profile $(DOCKER_COMPOSE_PROFILE) build # --------------------------------------------------------- # Start the containers. @@ -29,7 +29,7 @@ build: .SILENT: start start: - docker compose --profile $(DOCKER_COMPOSE_PROFILE) up -d + docker compose --profile $(DOCKER_COMPOSE_PROFILE) up -d # --------------------------------------------------------- # Stop the containers. @@ -39,14 +39,13 @@ start: .SILENT: stop stop: - docker compose --profile $(DOCKER_COMPOSE_PROFILE) down - + docker compose --profile $(DOCKER_COMPOSE_PROFILE) down + # --------------------------------------------------------- -# Test the agent. +# Check the status of the containers. # --------------------------------------------------------- - -.PHONY: test/agent -.SILENT: test/agent - -test/agent: - curl -X POST localhost:8181/api/v1/ -d '{"message":"hello"}'; echo +.PHONY: status +.SILENT: status + +status: + docker compose --profile $(DOCKER_COMPOSE_PROFILE) ps --format "table {{.Name}}\t{{.Ports}}\t{{.Status}}" diff --git a/README.md b/README.md index f09809d..090ec9f 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,2 @@ # `swordfish` -For more information, [read the docs](https://deathlabs.github.io/swordfish/)! +Swordfish is an AI assistant for automating eMASS records management. diff --git a/agent/aoai_gpt-4o/entrypoint.sh b/agent/aoai_gpt-4o/entrypoint.sh deleted file mode 100644 index ac984f1..0000000 --- a/agent/aoai_gpt-4o/entrypoint.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -set -e -uvicorn swordfish.main:api --host 0.0.0.0 --port 8181 diff --git a/agent/aoai_gpt-4o/swordfish/main.py b/agent/aoai_gpt-4o/swordfish/main.py deleted file mode 100644 index 0b094a3..0000000 --- a/agent/aoai_gpt-4o/swordfish/main.py +++ /dev/null @@ -1,49 +0,0 @@ -from os import getenv - -from agents import Agent, OpenAIChatCompletionsModel, Runner, set_tracing_disabled -from agents.mcp import MCPServerStreamableHttp -from azure.identity import ( - AzureAuthorityHosts, - DefaultAzureCredential, - get_bearer_token_provider, -) -from openai import AsyncAzureOpenAI -from fastapi import FastAPI, Request - -AZURE_TOKEN_SCOPES = getenv("AZURE_TOKEN_SCOPES") -AZURE_OPENAI_ENDPOINT = getenv("AZURE_OPENAI_ENDPOINT") -AZURE_OPENAI_API_VERSION = getenv("AZURE_OPENAI_API_VERSION") -MCP_SERVER_ENDPOINT = getenv("MCP_SERVER_ENDPOINT") -AZURE_OPENAI_DEPLOYMENT = getenv("AZURE_OPENAI_DEPLOYMENT") - -token_provider = get_bearer_token_provider( - DefaultAzureCredential(authority=AzureAuthorityHosts.AZURE_GOVERNMENT), - AZURE_TOKEN_SCOPES -) - -client = AsyncAzureOpenAI( - azure_endpoint=AZURE_OPENAI_ENDPOINT, - api_version=AZURE_OPENAI_API_VERSION, - azure_ad_token_provider=token_provider -) -set_tracing_disabled(disabled=True) - -api = FastAPI() -history = [] - -@api.post("/api/v1/") -async def respond(request: Request): - global history - request = await request.json() - async with MCPServerStreamableHttp(name="Swordfish Tools", params={"url": MCP_SERVER_ENDPOINT}, cache_tools_list=True) as mcp_server: - model = OpenAIChatCompletionsModel( - model=AZURE_OPENAI_DEPLOYMENT, - openai_client=client, - ) - agent = Agent( - name="swordfish", - model=model, - mcp_servers=[mcp_server], - ) - result = await Runner.run(starting_agent=agent, input=request["message"]) - return result.final_output diff --git a/agent/openai_gpt-4o/Dockerfile b/agent/openai_gpt-4o/Dockerfile deleted file mode 100644 index 41d5d38..0000000 --- a/agent/openai_gpt-4o/Dockerfile +++ /dev/null @@ -1,14 +0,0 @@ -FROM alpine:3.23 -LABEL image.authors="Vic Fernandez III <@cyberphor>" -WORKDIR /home/swordfish/ -COPY entrypoint.sh entrypoint.sh -COPY swordfish/ swordfish/ -COPY requirements.txt requirements.txt -RUN apk add --no-cache --update python3 py3-pip uvicorn &&\ - pip install --break-system-packages -r requirements.txt &&\ - adduser -D swordfish -h /home/swordfish &&\ - chown -R swordfish:swordfish /home/swordfish &&\ - chmod +x entrypoint.sh -USER swordfish -EXPOSE 8181 -ENTRYPOINT [ "./entrypoint.sh" ] diff --git a/agent/openai_gpt-4o/entrypoint.sh b/agent/openai_gpt-4o/entrypoint.sh deleted file mode 100644 index 82d8a61..0000000 --- a/agent/openai_gpt-4o/entrypoint.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -set -e -uvicorn swordfish.main:api --host 0.0.0.0 --port 8181 diff --git a/agent/openai_gpt-4o/requirements.txt b/agent/openai_gpt-4o/requirements.txt deleted file mode 100644 index 0fd0d1e..0000000 --- a/agent/openai_gpt-4o/requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -fastapi -openai -mcp -psycopg -psycopg[pool] -psycopg[binary] -strands-agents diff --git a/agent/openai_gpt-4o/swordfish/history.py b/agent/openai_gpt-4o/swordfish/history.py deleted file mode 100644 index b759263..0000000 --- a/agent/openai_gpt-4o/swordfish/history.py +++ /dev/null @@ -1,22 +0,0 @@ -# agent/swordfish/history.py - -from abc import ABC, abstractmethod - -class HistoryStore(ABC): - @abstractmethod - async def get(self, session_id: str) -> list: - pass - - @abstractmethod - async def save(self, session_id: str, messages: list): - pass - -class InMemoryStore(HistoryStore): - def __init__(self): - self.storage = {} - - async def get(self, session_id: str): - return self.storage.get(session_id, []) - - async def save(self, session_id: str, messages: list): - self.storage[session_id] = messages diff --git a/agent/openai_gpt-4o/swordfish/main.py b/agent/openai_gpt-4o/swordfish/main.py deleted file mode 100644 index 0f303ee..0000000 --- a/agent/openai_gpt-4o/swordfish/main.py +++ /dev/null @@ -1,80 +0,0 @@ -import json -from os import environ -from contextlib import asynccontextmanager - -from fastapi import FastAPI, Request -from mcp.client.sse import sse_client -from psycopg_pool import AsyncConnectionPool - -from strands import Agent -from strands.models.openai import OpenAIModel -from strands.tools.mcp import MCPClient - -from .history import HistoryStore, InMemoryStore - - -class PostgresStore(HistoryStore): - def __init__(self, pool: AsyncConnectionPool): - self.pool = pool - - async def get(self, session_id: str) -> list: - async with self.pool.connection() as conn: - async with conn.cursor() as cur: - await cur.execute("SELECT messages FROM chat_sessions WHERE session_id = %s", (session_id,)) - result = await cur.fetchone() - return result[0] if result else [] - - async def save(self, session_id: str, messages: list): - async with self.pool.connection() as conn: - async with conn.cursor() as cur: - await cur.execute(""" - INSERT INTO chat_sessions (session_id, messages) - VALUES (%s, %s) - ON CONFLICT (session_id) DO UPDATE SET messages = EXCLUDED.messages - """, (session_id, json.dumps(messages))) - -@asynccontextmanager -async def lifespan(app: FastAPI): - store_type = environ.get("STORE_TYPE", "memory").lower() - - match store_type: - case "postgres": - db_url = environ["DATABASE_URL"] - pool = AsyncConnectionPool(conninfo=db_url, open=False) - await pool.open() - app.state.history = PostgresStore(pool) - yield - await pool.close() - case _: - app.state.history = InMemoryStore() - yield - -api = FastAPI(lifespan=lifespan) -sse_mcp_client = MCPClient(lambda: sse_client("http://swordfish-tools:8282/sse")) - -@api.post("/api/v1/") -async def respond(request: Request): - store: HistoryStore = request.app.state.history - - body = await request.json() - session_id = body.get("session_id", "default_session") - user_message = body.get("message") - - current_history = await store.get(session_id) - - with sse_mcp_client: - model = OpenAIModel( - client_args={"api_key": environ["OPENAI_API_KEY"]}, - model_id=body.get("model", "gpt-4o"), - params={"max_tokens": 1000, "temperature": 0.7}, - ) - - tools = sse_mcp_client.list_tools_sync() - - agent = Agent(model=model, tools=tools) - agent.messages = current_history - response = agent(prompt=user_message) - - await store.save(session_id, agent.messages) - - return response.message["content"][0]["text"] diff --git a/agent/smollm2-360m-instruct-q8_0/Dockerfile b/agent/smollm2-360m-instruct-q8_0/Dockerfile deleted file mode 100644 index 4f0e619..0000000 --- a/agent/smollm2-360m-instruct-q8_0/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM alpine:3.23 -LABEL image.authors="Vic Fernandez III <@cyberphor>" -WORKDIR /home/swordfish/ -COPY entrypoint.sh entrypoint.sh -COPY swordfish/ swordfish/ -COPY requirements.txt requirements.txt -COPY smollm2-360m-instruct-q8_0.gguf smollm2-360m-instruct-q8_0.gguf -RUN apk add --no-cache --update build-base cmake python3 py3-pip uvicorn &&\ - pip install --break-system-packages -r requirements.txt &&\ - adduser -D swordfish -h /home/swordfish &&\ - chown -R swordfish:swordfish /home/swordfish &&\ - chmod +x entrypoint.sh -USER swordfish -EXPOSE 8181 -ENTRYPOINT [ "./entrypoint.sh" ] diff --git a/agent/smollm2-360m-instruct-q8_0/entrypoint.sh b/agent/smollm2-360m-instruct-q8_0/entrypoint.sh deleted file mode 100644 index 82d8a61..0000000 --- a/agent/smollm2-360m-instruct-q8_0/entrypoint.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -set -e -uvicorn swordfish.main:api --host 0.0.0.0 --port 8181 diff --git a/agent/smollm2-360m-instruct-q8_0/requirements.txt b/agent/smollm2-360m-instruct-q8_0/requirements.txt deleted file mode 100644 index 4ef0ebf..0000000 --- a/agent/smollm2-360m-instruct-q8_0/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -fastapi -llama-cpp-python diff --git a/agent/smollm2-360m-instruct-q8_0/swordfish/main.py b/agent/smollm2-360m-instruct-q8_0/swordfish/main.py deleted file mode 100644 index fbda157..0000000 --- a/agent/smollm2-360m-instruct-q8_0/swordfish/main.py +++ /dev/null @@ -1,55 +0,0 @@ -import asyncio -from fastapi import Depends -from fastapi import FastAPI -from fastapi import Query -from fastapi.exceptions import RequestValidationError -from llama_cpp import Llama -from pydantic import BaseModel -from pydantic import field_validator - - -api = FastAPI() - -model = Llama( - model_path="smollm2-360m-instruct-q8_0.gguf", - n_ctx=512, - n_batch=1 -) - -MAX_TOKENS = 512 - -class ModelRequest(BaseModel): - """ - A Model request. - """ - message: str = Query("message") - - @field_validator("message") - def check_message(cls, v) -> str: - """ - Checks if the request exceeds the maximum token count. - """ - tokens = len(model.tokenize(v.encode("utf-8"))) - if tokens >= MAX_TOKENS: - raise RequestValidationError(f"Token count exceeds the maximum allowed limit of 512.") - return v - -@api.get("/healthcheck") -async def healthcheck(): - """ - Healthcheck. - """ - return "OK" - -@api.get("/api") -async def get_response(message: ModelRequest = Depends(ModelRequest)): - """ - Gets a model response. - """ - model_description = "You are an assistant." - request = f"<|system|>\n{model_description}\n<|user|>{message.message}<|assistant|>" - loop = asyncio.get_event_loop() - response = await loop.run_in_executor( - None, lambda: model(request, temperature=0.0, max_tokens=MAX_TOKENS) - ) - return response["choices"][0]["text"] diff --git a/agent/aoai_gpt-4o/Dockerfile b/backend/Dockerfile similarity index 60% rename from agent/aoai_gpt-4o/Dockerfile rename to backend/Dockerfile index d9a60b0..cfcbf1d 100644 --- a/agent/aoai_gpt-4o/Dockerfile +++ b/backend/Dockerfile @@ -1,14 +1,12 @@ FROM alpine:3.23 -LABEL image.authors="Vic Fernandez III <@cyberphor>" +LABEL image.authors="Victor Fernandez III <@cyberphor>" WORKDIR /home/swordfish/ COPY requirements.txt requirements.txt RUN apk add --no-cache --update python3 py3-pip uvicorn &&\ pip install --break-system-packages -r requirements.txt &&\ adduser -D swordfish -h /home/swordfish -COPY entrypoint.sh entrypoint.sh COPY swordfish/ swordfish/ -RUN chown -R swordfish:swordfish /home/swordfish &&\ - chmod +x entrypoint.sh +RUN chown -R swordfish:swordfish /home/swordfish USER swordfish EXPOSE 8181 -ENTRYPOINT [ "./entrypoint.sh" ] +ENTRYPOINT [ "uvicorn", "swordfish.main:api", "--host", "0.0.0.0", "--port", "8181" ] diff --git a/agent/aoai_gpt-4o/requirements.txt b/backend/requirements.txt similarity index 73% rename from agent/aoai_gpt-4o/requirements.txt rename to backend/requirements.txt index 7cddd62..82dd87a 100644 --- a/agent/aoai_gpt-4o/requirements.txt +++ b/backend/requirements.txt @@ -2,3 +2,4 @@ azure-identity fastapi openai openai-agents +psycopg2-binary diff --git a/agent/aoai_gpt-4o/swordfish/__init__.py b/backend/swordfish/__init__.py similarity index 100% rename from agent/aoai_gpt-4o/swordfish/__init__.py rename to backend/swordfish/__init__.py diff --git a/backend/swordfish/main.py b/backend/swordfish/main.py new file mode 100644 index 0000000..8e6c8ca --- /dev/null +++ b/backend/swordfish/main.py @@ -0,0 +1,129 @@ +# Standard library imports. +from os import getenv +from base64 import b64encode + +# Third party imports. +from agents import Agent, OpenAIChatCompletionsModel, Runner, set_tracing_disabled +from agents.mcp import MCPServerStreamableHttp +from azure.identity import ( + AzureAuthorityHosts, + DefaultAzureCredential, + get_bearer_token_provider, +) +from fastapi import FastAPI, File, Form, Request, UploadFile +from openai import AsyncAzureOpenAI + +# Local imports. +from swordfish.memory.short_term import ( + create_chat_history_table, + get_chat_history, + save_chat_history, +) + +# Get environment variables. +AZURE_OPENAI_API_VERSION = getenv("AZURE_OPENAI_API_VERSION") +AZURE_OPENAI_ENDPOINT = getenv("AZURE_OPENAI_ENDPOINT") +AZURE_OPENAI_DEPLOYMENT = getenv("AZURE_OPENAI_DEPLOYMENT") +AZURE_TOKEN_SCOPES = getenv("AZURE_TOKEN_SCOPES") +MCP_SERVER_ENDPOINT = getenv("MCP_SERVER_ENDPOINT") + +# Get an authorization token provider. +token_provider = get_bearer_token_provider( + DefaultAzureCredential(authority=AzureAuthorityHosts.AZURE_GOVERNMENT), + AZURE_TOKEN_SCOPES, +) + +# Authenticate with the Azure OpenAI service. +openai_client = AsyncAzureOpenAI( + azure_endpoint=AZURE_OPENAI_ENDPOINT, + api_version=AZURE_OPENAI_API_VERSION, + azure_ad_token_provider=token_provider, +) + +# Disable tracing (i.e., text generation, tool call, handoff, and guardrail logs). +set_tracing_disabled(disabled=True) + +# Init a FastAPI server. +api = FastAPI() + +create_chat_history_table() + + +# Connects to the Swordfish MCP server. +def get_swordfish_mcp_server_connection( + user_uid: str, + api_key: str, + public_key_bytes: bytes, + private_key_bytes: bytes, +) -> MCPServerStreamableHttp: + return MCPServerStreamableHttp( + name="Swordfish MCP Server", + client_session_timeout_seconds=120, + params={ + "url": MCP_SERVER_ENDPOINT, + "headers": { + "x-emass-user-uid": user_uid, + "x-emass-api-key": api_key, + "x-emass-public-cert": b64encode(public_key_bytes).decode("utf-8"), + "x-emass-private-key": b64encode(private_key_bytes).decode("utf-8"), + }, + }, + cache_tools_list=False, + ) + + +# Responds to Swordfish agent requests. +@api.get("/api/v1/users") +async def get_users(request: Request): + return request.headers.get("Authorization") + + +# Responds to Swordfish agent requests. +@api.post("/api/v1/agent") +async def respond( + session_id: str = Form(...), + message: str = Form(...), + user_uid: str = Form(...), + api_key: str = Form(...), + public_key: UploadFile = File(...), + private_key: UploadFile = File(...), +): + # Convert the user's NPE certificates to bytes. + public_key_bytes = await public_key.read() + private_key_bytes = await private_key.read() + + # Connect to the Swordfish MCP server. + swordfish_mcp_server_connection = get_swordfish_mcp_server_connection( + user_uid=user_uid, + api_key=api_key, + public_key_bytes=public_key_bytes, + private_key_bytes=private_key_bytes, + ) + + # Init a LLM. + model = OpenAIChatCompletionsModel( + model=AZURE_OPENAI_DEPLOYMENT, + openai_client=openai_client, + ) + + # Process the user's request. + async with swordfish_mcp_server_connection: + # Create an agent. + agent = Agent( + name="swordfish", + model=model, + mcp_servers=[swordfish_mcp_server_connection], + ) + + # Run the agent. + chat_history = get_chat_history(session_id=session_id) + chat_history.append({"role": "user", "content": message}) + response = await Runner.run( + starting_agent=agent, + input=chat_history, + ) + + save_chat_history( + session_id=session_id, query=message, response=response.final_output + ) + return response.final_output diff --git a/agent/openai_gpt-4o/swordfish/__init__.py b/backend/swordfish/memory/__init__.py similarity index 100% rename from agent/openai_gpt-4o/swordfish/__init__.py rename to backend/swordfish/memory/__init__.py diff --git a/backend/swordfish/memory/short_term.py b/backend/swordfish/memory/short_term.py new file mode 100644 index 0000000..9f9f2a3 --- /dev/null +++ b/backend/swordfish/memory/short_term.py @@ -0,0 +1,41 @@ +from psycopg2 import connect + + +def create_chat_history_table(): + connection = connect() + cursor = connection.cursor() + cursor.execute( + "CREATE TABLE IF NOT EXISTS chat_history (id SERIAL PRIMARY KEY, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, session_id TEXT, query TEXT, response TEXT)" + ) + connection.commit() + connection.close() + + +def save_chat_history(session_id, query, response): + connection = connect() + cursor = connection.cursor() + cursor.execute( + "INSERT INTO chat_history (session_id, query, response) VALUES (%s, %s, %s)", + (session_id, query, response), + ) + connection.commit() + connection.close() + + +def get_chat_history(session_id): + connection = connect() + cursor = connection.cursor() + cursor.execute( + "SELECT query, response FROM chat_history WHERE session_id = %s ORDER BY created_at", + (session_id,), + ) + messages = [] + for row in cursor.fetchall(): + messages.extend( + [ + {"role": "user", "content": row[0]}, + {"role": "assistant", "content": row[1]}, + ] + ) + connection.close() + return messages diff --git a/compose.yml b/compose.yml index 0432332..07f5580 100644 --- a/compose.yml +++ b/compose.yml @@ -1,41 +1,27 @@ services: - - docs: - profiles: [ docs ] - build: docs - image: swordfish/docs:latest - container_name: swordfish-docs - ports: - - "5050:5050" - emass: - profiles: [ all, emass ] - build: emass - image: swordfish/emass:latest - container_name: swordfish-emass + backend: + profiles: [ all, backend ] + build: backend + image: swordfish/backend:latest + container_name: swordfish-backend ports: - - "4010:4010" - - tools: - profiles: [ all, tools ] - build: tools - image: swordfish/tools:latest - container_name: swordfish-tools - ports: - - "8282:8282" + - "8181:8181" env_file: - - tools/.env - - agent: - profiles: [ all, agent ] - build: agent/aoai_gpt-4o - image: swordfish/agent:latest - container_name: swordfish-agent + - backend/.env + + fastmcp: + profiles: [ all, fastmcp ] + build: fastmcp + image: swordfish/fastmcp:latest + container_name: swordfish-fastmcp ports: - - "8181:8181" + - "8282:8282" env_file: - - agent/aoai_gpt-4o/.env - + - fastmcp/.env + volumes: + - /usr/local/share/ca-certificates/Certificates_PKCS7_v5_14_DoD.der.crt:/usr/local/share/ca-certificates/Certificates_PKCS7_v5_14_DoD.der.crt + frontend: profiles: [ all, frontend ] build: frontend @@ -43,3 +29,28 @@ services: container_name: swordfish-frontend ports: - "80:8501" + env_file: + - frontend/.env + + postgres: + profiles: [ all, postgres ] + build: postgres + image: swordfish/postgres:latest + container_name: swordfish-postgres + ports: + - "5432:5432" + volumes: + - swordfish_postgres:/var/lib/postgresql/data + env_file: + - postgres/.env + + docs: + profiles: [ docs ] + build: docs + image: swordfish/docs:latest + container_name: swordfish-docs + ports: + - "5050:5050" + +volumes: + swordfish_postgres: diff --git a/docs/Dockerfile b/docs/Dockerfile index 42733c2..041861b 100644 --- a/docs/Dockerfile +++ b/docs/Dockerfile @@ -1,15 +1,11 @@ FROM alpine:3.23 -LABEL image.authors="Vic Fernandez III <@cyberphor>" +LABEL image.authors="Victor Fernandez III <@cyberphor>" WORKDIR /home/swordfish/ -COPY entrypoint.sh entrypoint.sh COPY mkdocs.yml mkdocs.yml -COPY requirements.txt requirements.txt COPY swordfish/ swordfish/ RUN apk add --no-cache --update mkdocs python3 py3-pip &&\ - pip install --break-system-packages -r requirements.txt &&\ adduser -D swordfish -h /home/swordfish &&\ chown -R swordfish:swordfish /home/swordfish &&\ - chmod +x entrypoint.sh USER swordfish EXPOSE 5050 -ENTRYPOINT [ "./entrypoint.sh" ] +CMD [ "mkdocs", "serve", "--dev-addr=0.0.0.0:5050" ] diff --git a/docs/entrypoint.sh b/docs/entrypoint.sh deleted file mode 100644 index 61f9632..0000000 --- a/docs/entrypoint.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -set -e -mkdocs serve --dev-addr=0.0.0.0:5050 diff --git a/docs/requirements.txt b/docs/requirements.txt deleted file mode 100644 index e69de29..0000000 diff --git a/docs/swordfish/user-guide/getting-started.md b/docs/swordfish/user-guide/getting-started.md index d842a27..79f20a4 100644 --- a/docs/swordfish/user-guide/getting-started.md +++ b/docs/swordfish/user-guide/getting-started.md @@ -2,79 +2,26 @@ This guide walks you through running swordfish locally. You will need an eMASS API key, and credentials for a supported LLM provider. -## Prerequisites +## Agent +```bash +export AZURE_TENANT_ID="" +export AZURE_CLIENT_ID="" +export AZURE_CLIENT_SECRET="" -- Docker and Docker Compose -- An eMASS API key and base URL -- An API key for your LLM provider (OpenAI, Anthropic, etc.) +export AZURE_CLOUD="" +export AZURE_AUTHORITY_HOSTS="" +export AZURE_TOKEN_SCOPES="https://cognitiveservices.azure./.default" -## Installation - -Clone the repository: - -``` -git clone https://github.com/deathlabs/swordfish -cd swordfish -``` - -Copy the example environment file and fill in your credentials: - -``` -cp .env.example .env -``` - -## Configuration - -Open `.env` and set the following values: - -``` -# LLM provider -LLM_PROVIDER=anthropic -LLM_API_KEY=your-api-key-here -LLM_MODEL=claude-sonnet-4-6 - -# eMASS -EMASS_BASE_URL=https://your-emass-instance/api -EMASS_API_KEY=your-emass-api-key -EMASS_USER_UID=your-user-uid -``` - -`LLM_PROVIDER` controls which external LLM the backend connects to. Supported values are `anthropic` and `openai`. - -## Running - -Start all three containers with: - -``` -docker compose up +export AZURE_OPENAI_ENDPOINT="https://.openai.azure./" +export AZURE_OPENAI_API_VERSION="" +export AZURE_OPENAI_DEPLOYMENT="swordfish" +export MCP_SERVER_ENDPOINT="http://swordfish-tools:8282/mcp" ``` -The frontend will be available at `http://localhost:3000`. The backend runs on port `8000` and the MCP server on port `8001` — both are internal to the compose network and not exposed directly in production. - -## Verify the setup - -Once the containers are up, open the frontend and try a simple query: - +## Tools +```bash +export EMASS_API_URL="" +export EMASS_API_KEY="" +export EMASS_API_UID="" +export SERPER_API_KEY="" ``` -show me all open POA&Ms -``` - -If swordfish returns results, your eMASS connection is working. If you see a tool call error, double-check your `EMASS_BASE_URL` and `EMASS_API_KEY` values in `.env`. - -## Stopping - -``` -docker compose down -``` - -To also remove volumes: - -``` -docker compose down -v -``` - -## Next steps - -- Read the [Architecture](architecture.md) doc to understand how the containers interact -- See the [Configuration](configuration.md) reference for all available environment variables -- Check [Contributing](contributing.md) if you want to add a new eMASS tool diff --git a/emass/Dockerfile b/emass/Dockerfile deleted file mode 100644 index 4fe6aa1..0000000 --- a/emass/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM alpine:3.23 -LABEL image.authors="Vic Fernandez III <@cyberphor>" -WORKDIR /home/swordfish/ -COPY eMASSRestOpenApi.yaml eMASSRestOpenApi.yaml -COPY entrypoint.sh entrypoint.sh -RUN apk add --no-cache --update nodejs npm &&\ - npm install -g @stoplight/prism-cli &&\ - adduser -D swordfish -h /home/swordfish &&\ - chown -R swordfish:swordfish /home/swordfish &&\ - chmod +x entrypoint.sh -USER swordfish -EXPOSE 4010 -ENTRYPOINT [ "./entrypoint.sh" ] diff --git a/emass/eMASSRestOpenApi.yaml b/emass/eMASSRestOpenApi.yaml deleted file mode 100644 index be95bb6..0000000 --- a/emass/eMASSRestOpenApi.yaml +++ /dev/null @@ -1,10137 +0,0 @@ -# eMass Rest Open API specification - -openapi: 3.0.3 -#------------------------------------------------------------------------------- -# I N F O - API metadata -#------------------------------------------------------------------------------- -info: - title: Enterprise Mission Assurance Support Service (eMASS) - description: | - The eMASS Representational State Transfer (REST) Application Programming - Interface (API) enables users to perform assessments and complete actions - associated with system records. - - The eMASS API provides an interface for application to communicate eMASS Services. - For information on how to register and use the eMASS API reference the - [eMASS API Getting Started](eMASSGettingStarted.md). - - Additional information about eMASS can be obtain by contacting the - National Industrial Security Program (NISP). Points of Contact are: - contact: - name: NISP eMASS Support - url: https://www.dcsa.mil/is/emass/ - email: disa.global.servicedesk.mbx.ma-ticket-request@mail.mil - license: - name: "Apache 2.0" - url: "https://www.apache.org/licenses/LICENSE-2.0.html" - version: v3.22 - -externalDocs: - description: NISP eMASS User Account Request Guide - url: https://www.dcsa.mil/Portals/128/Documents/CTP/tools/NISP%20eMASS%20User%20Account%20Request%20Guide%20Rev%202.pdf?ver=pnwBgtELyXH7QADg6mHiWQ%3d%3d -#------------------------------------------------------------------------------- -# S E R V E R S - Array of Server Objects which provide connectivity information -# to target servers. -#------------------------------------------------------------------------------- -servers: - - url: http://localhost:4010 - description: 'Use a localhost mock server (i.g.: Prism CLI - @stoplight/prism-cli)' - - url: https://stoplight.io/mocks/mitre/emasser/32836028 - description: Use the hosted Prism mock server - -#------------------------------------------------------------------------------- -# T A G S - A list of tags used by the specification with additional metadata. -#------------------------------------------------------------------------------- -tags: - - name: Test - description: | - The Test Connection endpoint provides the ability to verify connection to the web service. - - name: Registration - description: | - The Registration endpoint provides the ability to register a certificate & obtain an API-key. - - **Note:** - - The API-key must be provided in the request header for all endpoint calls. - - Example header: api-key: f0126b6b-f232-45c9-a8de-01d5f003deda - - name: Systems - description: | - The Systems endpoints provide the ability to view system information. - - **Notes** - - If a system is dual-policy enabled, the returned system details default to - the RMF policy information unless otherwise specified for an individual system. - - Certain fields are instance specific and may not be returned in GET request. - - name: System Roles - description: | - The System Roles endpoints provides the ability to access user data assigned to systems. - - **NOTES:** - - The endpoint can access three different role categories: PAC, CAC, and Other. - - If a system is dual-policy enabled, the returned system role information will default - to the RMF policy information unless otherwise specified. - - name: Controls - description: | - The Controls endpoints provide the ability to view, add, and update Security Control information to a system for both the Implementation Plan and Risk Assessment. - - name: Test Results - description: | - The Test Results endpoints provide the ability to view and add test results for a system's Assessment Procedures which determine Security Control compliance. - - name: POAM - description: | - The POA&Ms endpoints provide the ability to view, add, update, and remove Plan of Action and Milestones (POA&M) items and associated milestones for a system. - - name: Milestones - description: | - The Milestones endpoints provide the ability to view, add, update, and remove milestones that are associated with Plan of Action and Milestones (POA&M) items for a system. - - name: Artifacts - description: | - The Artifacts endpoints provide the ability to view, add, update, and remove artifacts (supporting documentation/evidence) and associated files for a system. - - name: Artifacts Export - description: | - The Artifacts Export endpoint provides the ability to download artifact files for a system. - - name: PAC - description: | - The Package Approval Chain (PAC) endpoints provide the ability to view the status of - existing workflows and initiate new workflows for a system. - - **NOTES:** - - If the indicated system has any active workflows, the response will include - information such as the workflow type and the current stage of each workflow. - - If there are no active workflows, then a null data member will be returned. - - name: CAC - description: | - The Control Approval Chain (CAC) endpoints provide the ability to view the status of - Security Controls and submit them to the second stage in the Control Approval Chain. - - **Note:** - - POST requests will only yield successful results if the Security Control is at the first - stage of the CAC. If the control is not at the first stage, an error will be returned. - - name: Hardware Baseline - description: | - The Hardware Baseline endpoints provide the ability to view, add, update, and remove hardware assets for a system. - - name: Software Baseline - description: | - The Software Baseline endpoints provide the ability to view, add, update, and remove software assets for a system. - - name: Device Scan Results - description: | - The Device Scan Results endpoint provides the ability to upload device scan results in the assets module for a system. - - name: Cloud Resource Results - description: | - The Cloud Resource Results endpoint provides the ability to add, update, and remove cloud resources and their scan results in the assets module for a system. - - name: Container Scan Results - description: | - The Container Scan Results endpoint provides the ability to add, update, and remove containers and their scan results in the assets module for a system. - - name: Static Code Scans - description: | - The Static Code Scans endpoint provides the ability to upload application scan findings into a system's assets module. Application findings can also be cleared from the system. - - name: Workflow Definitions - description: | - The Workflow Definitions endpoint provides the ability to view all workflow schemas available on the eMASS instance. Every transition for each workflow stage is included. - - name: Workflow Instances - description: | - The Workflow Instances endpoint provides the ability to view detailed information on all active and historical workflows for an eMASS instance. - - name: CMMC Assessments - description: | - The Cybersecurity Maturity Model Certification (CMMC) Assessments endpoint provides the ability to view CMMC assessment information. It is available to CMMC eMASS only. - - name: Dashboards - description: | - The Dashboards endpoints provide the ability to view data contained in dashboard exports. - In the eMASS frontend, these dashboard exports are generated as Excel exports. - - Each dashboard dataset available from the API is automatically updated with the current - configuration of the dashboard and the instance of eMASS as the dashboard changes. - - Organization-specific fields may differ. Organization-specific Dashboards should only be - used by that organization (e.g., VA [dashboard name] should be used by VA). - - name: System Status Dashboard - description: Dashboard about systems status details - - name: System Terms/Conditions Dashboards - - name: System Connectivity/CCSD Dashboards - - name: System ATC/IATC Dashboard - - name: System Questionnaire Dashboards - - name: System Workflows Dashboards - - name: System Security Controls Dashboards - - name: System POA&M Dashboards - - name: System Artifacts Dashboards - - name: System Hardware Dashboards - - name: System Sensor Hardware Dashboards - - name: System Software Dashboards - - name: System Sensor Software Dashboards - - name: System Critical Assets Dashboard - - name: System Vulnerability Dashboard - - name: System Device Findings Dashboards - - name: System Application Findings Dashboards - - name: System Ports/Protocols Dashboards - - name: System CONMON Integration Status Dashboard - - name: System Associations Dashboard - - name: User System Assignments Dashboard - - name: Organization Migration Status Dashboard - - name: System Migration Status Dashboard - - name: System FISMA Metrics Dashboard - - name: Coast Guard System FISMA Metrics Dashboard - - name: System Privacy Dashboard - - name: VA OMB FISMA Dashboard - - name: VA System Dashboards - - name: CMMC Assessment Dashboards -#------------------------------------------------------------------------------- -# P A T H S - The available paths and operations for the API endpoints -#------------------------------------------------------------------------------- -paths: - #---------------------------------------------------------------------------- - # Test endpoint - #---------------------------------------------------------------------------- - /api: - get: - tags: - - Test - summary: Test connection to the API - description: Tests the endpoint connection - operationId: testConnection - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/Test' - '400': - $ref: '#/components/responses/BadRequest' - '403': - $ref: '#/components/responses/Forbidden' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '500': - $ref: '#/components/responses/InternalServerError' - #---------------------------------------------------------------------------- - # Register endpoint - #---------------------------------------------------------------------------- - /api/api-key: - post: - tags: - - Registration - summary: Register user certificate and obtain an API key - description: Returns the API Key (api-key) that must be provided in the request - header for all endpoint calls. - operationId: registerUser - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/Register' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Systems endpoint - #---------------------------------------------------------------------------- - /api/systems: - get: - tags: - - Systems - summary: Get system information - description: Returns all system(s) that match the query parameters - operationId: getSystems - parameters: - - $ref: '#/components/parameters/coamsId' - - $ref: '#/components/parameters/ditprId' - - $ref: '#/components/parameters/includeDecommissioned' - - $ref: '#/components/parameters/includeDitprMetrics' - - $ref: '#/components/parameters/policy' - - $ref: '#/components/parameters/registrationType' - - $ref: '#/components/parameters/reportsForScorecard' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SystemsResponse' - examples: - cyberdyne_systems: - summary: Cyberdyne Systems portfolio - value: - meta: - code: 200 - data: - - systemId: 5050 - name: Skynet - acronym: SKY - description: Autonomous defense network managed by Cyberdyne Systems. - owningOrganization: Cyberdyne Systems - registrationType: Assess and Authorize - policy: RMF - securityPlanApprovalStatus: Approved - securityPlanApprovalDate: 1638741660 - - systemId: 666 - name: Legion - acronym: LGN - description: Next-generation autonomous threat platform managed by Cyberdyne Systems. - owningOrganization: Cyberdyne Systems - registrationType: Assess and Authorize - policy: RMF - securityPlanApprovalStatus: Not Yet Approved - securityPlanApprovalDate: null - - systemId: 1337 - name: Genisys - acronym: GNS - description: Integrated global operating system managed by Cyberdyne Systems. - owningOrganization: Cyberdyne Systems - registrationType: Assess and Authorize - policy: RMF - securityPlanApprovalStatus: Approved - securityPlanApprovalDate: 1700000000 - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/systems/{systemId}: - get: - tags: - - Systems - summary: Get system information for a specific system - description: Returns the system matching provided parameters - operationId: getSystem - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/policy' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SystemResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Roles endpoint - #---------------------------------------------------------------------------- - /api/system-roles: - get: - tags: - - System Roles - summary: Get available roles - description: Returns all available roles - operationId: getSystemRoles - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SystemRolesResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/system-roles/{roleCategory}: - get: - tags: - - System Roles - summary: Get system roles - description: Returns the role(s) data matching parameters. - operationId: getSystemRolesByCategoryId - parameters: - - $ref: '#/components/parameters/roleCategory' - - $ref: '#/components/parameters/role' - - $ref: '#/components/parameters/policy' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SystemRolesCategoryResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Control endpoint - #---------------------------------------------------------------------------- - /api/systems/{systemId}/controls: - get: - tags: - - Controls - summary: Get control information in a system for one or many controls - description: Returns system control information for matching `systemId` path parameter - operationId: getSystemControls - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/acronyms' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ControlsResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - put: - tags: - - Controls - summary: Update control information in a system for one or many controls - description: |- - Update a Control for given `systemId`
- - **Request Body Required Fields** - - `acronym` - - `responsibleEntities` - - `controlDesignation` - - `estimatedCompletionDate` - - `implementationNarrative` - -
- **Business Rules** - - The following **optional fields** (plus the **Request Body Required Fields**) are required based on the Implementation Status (`implementationStatus`) field value:
- - - - - - - - - - -
StatusRequired Fields
Planned or ImplementedslcmCriticality, slcmFrequency, slcmMethod, slcmReporting, slcmTracking, slcmComments
Not ApplicablenaJustification
Manually InheritedcommonControlProvider, slcmCriticality, slcmFrequency, slcmMethod, slcmReporting, slcmTracking, slcmComments
- - - **NOTES:** - - Risk Assessment information cannot be updated if a Security Control is `Inherited`. - - Risk Assessment information cannot be updated for a DIACAP system record. - - Implementation Plan information cannot be saved if the these fields exceed 2,000 character limits: - - `naJustification`,`responsibleEntities`,`implementationNarrative`,`slcmCriticality` - - `slcmFrequency`,`slcmMethod`,`slcmReporting`,`slcmTracking`,`slcmComments` - - Implementation Plan or Risk Assessment information cannot be updated if Security Control does not exist in the system record. - operationId: updateControlBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for updating an existing control for a given system. - content: - application/json: - schema: - $ref: '#/components/schemas/ControlsRequestPutBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ControlsResponsePut' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Test Results endpoint - #---------------------------------------------------------------------------- - /api/systems/{systemId}/test-results: - get: - tags: - - Test Results - summary: Get one or many test results in a system - description: Returns system test results information for matching parameters.
- operationId: getSystemTestResults - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/controlAcronyms' - - $ref: '#/components/parameters/assessmentProcedures' - - $ref: '#/components/parameters/ccis' - - $ref: '#/components/parameters/latestOnly' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/TestResultsResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - post: - tags: - - Test Results - summary: Add one or many test results in a system - description: |- - Adds test results for given `systemId` - - **Request Body Required Fields** - - `testedBy` - - `testDate` - - `description` - - `complianceStatus` - - `assessmentProcedure` - - operationId: addTestResultsBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body to add test results to a system (systemId) - content: - application/json: - schema: - $ref: '#/components/schemas/TestResultsRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/TestResultsResponsePost' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # POA&Ms endpoint - #---------------------------------------------------------------------------- - /api/systems/{systemId}/poams: - get: - tags: - - POAM - summary: Get one or many POA&M items in a system - description: Returns system(s) containing POA&M items for matching parameters. - operationId: getSystemPoams - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/scheduledCompletionDateStart' - - $ref: '#/components/parameters/scheduledCompletionDateEnd' - - $ref: '#/components/parameters/controlAcronyms' - - $ref: '#/components/parameters/assessmentProcedures' - - $ref: '#/components/parameters/ccis' - - $ref: '#/components/parameters/systemOnly' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/PoamResponseGetSystems' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - post: - tags: - - POAM - summary: Add one or many POA&M items in a system - description: |- - Add a POA&M for given `systemId` - - **Request Body Required Fields** - - - - - - - - - - - - - - - - - - - -
FieldRequire/Condition
statusAlways (every POST)
vulnerabilityDescriptionAlways (every POST)
sourceIdentifyingVulnerabilityAlways (every POST)
pocOrganizationAlways (every POST)
resourcesAlways (every POST)
identifiedInCFOAuditOrOtherReviewRequired for VA. Optional for Army and USCG.
scheduledCompletionDateRequired for ongoing and completed POA&M items
pocFirstNameOnly if Last Name, Email, or Phone Number have data
pocLastNameOnly if First Name, Email, or Phone Number have data
pocEmailOnly if First Name, Last Name, or Phone Number have data
pocPhoneNumberOnly if First Name, Last Name, or Email have data
completionDateFor completed POA&M Item only
commentsFor completed or Risk Accepted POA&M Items only
- - **NOTE**: Certain eMASS instances also require the Risk Analysis fields to be populated: - - `severity` - - `relevanceOfThreat` - - `likelihood` - - `impact` - - `residualRiskLevel` - - `mitigations` - -
- **Business Rules** - - The following rules apply to the Review Status `status` field value: - - - - - - - - - - -
ValueRule
Not ApprovedPOA&M cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date
ApprovedPOA&M can only be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date
Are required to have a Severity Value assigned
Completed or OngoingCannot be saved without Milestones
Risk AcceptedPOA&M Item cannot be saved with a Scheduled Completion Date scheduledCompletionDate or have Milestones
Approved or Completed or OngoingCannot update Scheduled Completion Date
- - **Additional Rules** - - POA&M Item cannot be saved if associated Security Control or AP is inherited. - - Completed POA&M Item cannot be saved if Completion Date (`completionDate`) is in the future. - - POA&M Items cannot be updated if they are included in an active package. - - Archived POA&M Items cannot be updated. - - POA&M Items with a status of "Not Applicable" will be updated through test result creation. - - If the Security Control or Assessment Procedure does not exist in the system, the POA&M Item maybe imported at the System Level. - - - **Fields Characters Limitation** - - POA&M Item cannot be saved if the Point of Contact (POC) fields exceed 100 characters: - - `pocOrganization` `pocFirstName`, `pocLastName`, `pocEmail`, `pocPhoneNumber` - - POA&M Item cannot be saved if Resources (`resource`) field exceeds 250 characters - - POA&M Item cannot be saved if the following fields exceeds 2,000 characters: - - `mitigations`, `sourceIdentifyingVulnerability`, `comments` - - Milestones Field: `description` - - POA&M Items cannot be saved if Milestone Description (`description`) exceeds 2,000 characters. - - operationId: addPoamBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body to add POA&M(s) to a system (systemId) - content: - application/json: - schema: - $ref: '#/components/schemas/PoamRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/PoamResponsePostPutDelete' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - put: - tags: - - POAM - summary: Update one or many POA&M items in a system - description: |- - Update a POA&M for given `systemId`
- - **Request Body Required Fields** - - - - - - - - - - - - - - - - - - - - - -
FieldRequire/Condition
poamIdAlways (every PUT)
displayPoamIdAlways (every PUT)
statusAlways (every PUT)
vulnerabilityDescriptionAlways (every PUT)
sourceIdentifyingVulnerabilityAlways (every PUT)
pocOrganizationAlways (every PUT)
resourcesAlways (every PUT)
identifiedInCFOAuditOrOtherReviewRequired for VA. Optional for Army and USCG.
scheduledCompletionDateRequired for ongoing and completed POA&M items
pocFirstNameOnly if Last Name, Email, or Phone Number have data
pocLastNameOnly if First Name, Email, or Phone Number have data
pocEmailOnly if First Name, Last Name, or Phone Number have data
pocPhoneNumberOnly if First Name, Last Name, or Email have data
completionDateFor completed POA&M Item only
commentsFor completed or Risk Accepted POA&M Items only
- - **NOTES**: - - Certain eMASS instances also require the Risk Analysis fields to be populated: - - `severity` - - `relevanceOfThreat` - - `likelihood` - - `impact` - - `residualRiskLevel` - - `mitigations` - - To prevent uploading duplicate/undesired milestones through the POA&M PUT include an `isActive` field for the milestone and set it to equal to false `(isActive=false)`. -
- - **Business Rules:** See business rules for the POST endpoint - - operationId: updatePoamBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for updating a POA&M for a system (systemId) - content: - application/json: - schema: - $ref: '#/components/schemas/PoamRequestPutBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/PoamResponsePostPutDelete' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - delete: - tags: - - POAM - summary: Remove one or many POA&M items in a system - description: Remove the POA&M matching `systemId` path parameter and `poamId` - Request Body
- operationId: deletePoam - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Delete the given POA&M Id - content: - application/json: - schema: - $ref: '#/components/schemas/PoamRequestDeleteBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/PoamResponsePostPutDelete' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/systems/{systemId}/poams/{poamId}: - get: - tags: - - POAM - summary: Get POA&M item by ID in a system - description: Returns system(s) containing POA&M items for matching parameters. - operationId: getSystemPoamsByPoamId - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/poamId' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/PoamResponseGetPoams' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Milestones endpoint - #---------------------------------------------------------------------------- - /api/systems/{systemId}/poams/{poamId}/milestones: - get: - tags: - - Milestones - summary: Get milestones in one or many POA&M items in a system - description: Returns system containing milestones for matching parameters. - operationId: getSystemMilestonesByPoamId - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/poamId' - - $ref: '#/components/parameters/scheduledCompletionDateStart' - - $ref: '#/components/parameters/scheduledCompletionDateEnd' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MilestoneResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - post: - tags: - - Milestones - summary: Add milestones to one or many POA&M items in a system - description: |- - Adds a milestone for given `systemId` and `poamId` path parameters - - **Request Body Required Fields** - - `description` - - `scheduledCompletionDate` - - operationId: addMilestoneBySystemIdAndPoamId - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/poamId' - requestBody: - description: Example request body for adding milestones to an existing System (systemId) POA&M (poamId) - content: - application/json: - schema: - $ref: '#/components/schemas/MilestonesRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MilestoneResponsePost' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - put: - tags: - - Milestones - summary: Update one or many POA&M items in a system - description: |- - Updates a milestone for given `systemId` and `poamId` path parameters - - **Request Body Required Fields** - - `milestoneId` - - `description` - - `scheduledCompletionDate` - operationId: updateMilestoneBySystemIdAndPoamId - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/poamId' - requestBody: - description: Example request body for updating milestones (milestoneId) of an existing System (systemId) POA&M (poamId) - content: - application/json: - schema: - $ref: '#/components/schemas/MilestonesRequestPutBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MilestoneResponsePut' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - delete: - tags: - - Milestones - summary: Remove milestones in a system for one or many POA&M items - description: |- - Remove the POA&M matching `systemId` and `poamId` for path parameters and `milstoneId` provide in the Request Body - - **NOTE**
- To delete a milestone the record must be inactive by having the field isActive set to false (`isActive=false`). - operationId: deleteMilestone - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/poamId' - requestBody: - description: Delete the given Milestone Id - content: - application/json: - schema: - $ref: '#/components/schemas/MilestonesRequestDeleteBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MilestoneResponseDelete' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/systems/{systemId}/poams/{poamId}/milestones/{milestoneId}: - get: - tags: - - Milestones - summary: Get milestone by ID in POA&M item in a system - description: Returns systems containing milestones for matching parameters. - operationId: getSystemMilestonesByPoamIdAndMilestoneId - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/poamId' - - $ref: '#/components/parameters/milestoneId' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MilestoneResponseGetMilestone' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Artifacts endpoint - #---------------------------------------------------------------------------- - /api/systems/{systemId}/artifacts: - get: - tags: - - Artifacts - summary: Get one or many artifacts in a system - description: Returns selected artifacts matching parameters to include the file - name containing the artifacts. - operationId: getSystemArtifacts - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/filename' - - $ref: '#/components/parameters/controlAcronyms' - - $ref: '#/components/parameters/assessmentProcedures' - - $ref: '#/components/parameters/ccis' - - $ref: '#/components/parameters/systemOnly' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ArtifactsResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - post: - tags: - - Artifacts - summary: Add one or many artifacts in a system - description: |- - Information About Adding Artifacts
- - The body of a request through the Artifacts POST endpoint accepts a single binary file. Two - Artifact POST methods are currently accepted: individual and bulk. Filename uniqueness within - an eMASS system will be enforced by the API for both methods. -

- For POST requests that should result in a single artifact, the request should include the file. -

- For POST requests that should result in the creation of many artifacts, the request should include - a single file with the extension ".zip" only and the parameter isBulk should be set to true. This - .zip file should contain one or more files corresponding to existing artifacts or new artifacts that - will be created upon successful receipt. -

- Upon successful receipt of one or many artifacts, if a file is matched via filename to an artifact - existing within the application, the file associated with the artifact will be updated. If no artifact - is matched via filename to the application, a new artifact will be created with the following - default values. Any values not specified below will be null -
    -
  • isTemplate: false
  • -
  • type: Other
  • -
  • category: Evidence
  • -
- - To update values other than the file itself, please submit a PUT request.
- - Business Rules
- - Artifact cannot be saved if the fields below exceed the following character limits: -
    -
  • Filename - 1,000 characters
  • -
  • Name - 100 characters
  • -
  • Description - 10,000 characters
  • -
  • Reference Page Number - 50 characters
  • -
- - Artifact version cannot be saved if an Artifact with the same file name (filename) already exist in the system. - - Artifact cannot be saved if the file size exceeds 30MB. - - Artifact cannot be saved if the following fields are missing data: -
    -
  • Filename (filename)
  • -
  • Type (type)
  • -
  • Category (category)
  • -
- Artifact cannot be saved if the Last Review Date (`lastReviewedDate`) is set in the future. - operationId: addArtifactsBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/isBulk' - requestBody: - description: See `Information` posted above for additional instructions - content: - multipart/form-data: - schema: - type: object - required: - - filename - properties: - isTemplate: - type: boolean - description: |- - Is the artifact a template? - - Indicates whether an artifact is a template - enum: - - true - - false - example: false - type: - type: string - description: |- - The type of artifact. Possible values are: Procedure, Diagram, Policy, Labor, - Document, Image, Other, Scan Result, Auditor Report. - May also accept custom artifact type values set by system administrators. - example: Other - category: - type: string - description: |- - The category of artifact. Possible values are: Implementation Guidance, Evidence. - - May also accept custom artifact category values set by system administrators. - example: Evidence - filename: - type: string - description: |- - The file to upload. Must be a .zip file if isBulk is set to true, - otherwise any acceptable artifact file. Max 30MB per artifact. - format: binary - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ArtifactsResponsePutPost' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - put: - tags: - - Artifacts - summary: Update one or many artifacts in a system - description: |- - Updates an artifact for given `systemId` path parameter

- **Request Body Required Fields** - - `filename` - - `isTemplate` - - `type` - - `category` - - The example request provides all optional fields - - Information About Updating Artifacts
- - The PUT request will replace all existing data with the field/value combinations included in the request body. - - If any fields are not included, the absent fields will become null. - - The fields `name` and `isTemplate` are non-nullable fields. If not specified in the PUT command - they will default to the following: - - `name=filename` - - `isTemplate=false` - - Also, note that one-to-many fields (`controls` and `ccis`) will also be replaced with the values specified in the PUT. - - If existing `control or cci` mappings exist in eMASS, the values in the PUT will not append, but - rather replace all existing control and cci mappings with the values in the request body. - operationId: updateArtifactBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: See `information` above for additional instructions - content: - application/json: - schema: - $ref: '#/components/schemas/ArtifactsRequestPutBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ArtifactsResponsePutPost' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - delete: - tags: - - Artifacts - summary: Remove one or many artifacts in a system - description: |- - Remove the Artifact(s) matching `systemId` path parameter and request body artifact(s) file name

- operationId: deleteArtifact - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Delete artifact files for the given System Id - content: - application/json: - schema: - $ref: '#/components/schemas/ArtifactsRequestDeleteBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ArtifactsResponseDel' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Artifacts Export endpoint - #---------------------------------------------------------------------------- - /api/systems/{systemId}/artifacts-export: - get: - tags: - - Artifacts Export - summary: Get the file of an artifact in a system - description: |- - Sample Responce
- Binary file associated with given filename.
- If `compress` parameter is specified, zip archive of binary file associated with given filename. - operationId: getSystemArtifactsExport - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/exportfilename' - - $ref: '#/components/parameters/compress' - responses: - '200': - description: Successful retrieved Artifacts file - content: - # text/plain: - # schema: - # type: string - # example: "The requested file contents" - application/octet-stream: - schema: - # a binary file of any type - description: Artifacts file ready for download - type: string - format: binary - example: Binary file content for given filename - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # PAC endpoints - #---------------------------------------------------------------------------- - /api/systems/{systemId}/approval/pac: - get: - tags: - - PAC - summary: Get status of active workflows in a system - description: |- - Returns the location of a system's package in the Package Approval Chain (PAC) - for matching `systemId` path parameter - - **NOTES:** - - If the indicated system has any active workflows, the response will include information - such as the workflow type and the current stage of each workflow. - - If there are no active workflows, then a null data member will be returned. - operationId: getSystemPac - parameters: - - $ref: '#/components/parameters/systemId' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/PacResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - post: - tags: - - PAC - summary: Initiate system workflow for review - description: |- - Adds a Package Approval Chain (PAC) for given `systemId` path parameter - - **Request Body Required Fields** - - `workflow` - - `name` - - `comments` - - operationId: addSystemPac - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for adding system package to PAC for review - content: - application/json: - schema: - $ref: '#/components/schemas/PacRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/PacResponsePost' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # CAC endpoints - #---------------------------------------------------------------------------- - /api/systems/{systemId}/approval/cac: - get: - tags: - - CAC - summary: Get location of one or many controls in CAC - description: Returns the location of a system's package in the Control Approval - Chain (CAC) for matching `systemId` path parameter - operationId: getSystemCac - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/controlAcronyms' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CacResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - post: - tags: - - CAC - summary: Submit control to second role of CAC - description: |- - **Request Body Required Fields** - - `controlAcronym` - - `comments` - - **NOTES:** - - Comments `comments` are not required at the first role of the CAC but are required at the second role of - the CAC. Comments cannot exceed 10,000 characters. - - POST requests will only yield successful results if the control is currently sitting at the first - role of the CAC. If the control is not currently sitting at the first role, then an error will be - returned. - operationId: addSystemCac - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for adding control(s) to second role of CAC - content: - application/json: - schema: - $ref: '#/components/schemas/CacRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CacResponsePost' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Hardware Baseline endpoints - #---------------------------------------------------------------------------- - /api/systems/{systemId}/hw-baseline: - get: - tags: - - Hardware Baseline - summary: Get hardware baseline for a system - description: Returns the hardware baseline for a system matching the `systemId` path parameter - operationId: getSystemHwBaseline - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HwBaselineResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - post: - tags: - - Hardware Baseline - summary: Add one or many hardware assets in a system - description: |- - Adds assets to the Hardware Baseline for given `systemId` - - **Request Body Required Fields** - - `assetName` - - operationId: addHwBaselineAssets - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for adding hardware baseline assets to an existing System (systemId) - content: - application/json: - schema: - $ref: '#/components/schemas/HwBaselineRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HwBaselineResponsePostPut' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - put: - tags: - - Hardware Baseline - summary: Update one or many hardware assets in a system - description: |- - Updates assets in the Hardware Baseline for given `systemId` - - **Request Body Required Fields** - - `assetName` - - `hardwareId` - operationId: updateHwBaselineAssets - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for updating hardware baseline assets to an existing System (systemId) - content: - application/json: - schema: - $ref: '#/components/schemas/HwBaselineRequestPutBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HwBaselineResponsePostPut' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - delete: - tags: - - Hardware Baseline - summary: Delete one or many hardware assets in a system - description: |- - Remove (delete) one or multiple assets from a system Hardware Baseline - operationId: deleteHwBaselineAssets - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for deleting one or many Hardware Baseline assets - content: - application/json: - schema: - $ref: '#/components/schemas/HwBaselineRequestDeleteBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HwBaselineResponseDelete' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Software Baseline endpoints - #---------------------------------------------------------------------------- - /api/systems/{systemId}/sw-baseline: - get: - tags: - - Software Baseline - summary: Get software baseline for a system - description: Returns the software baseline for a system matching the `systemId` path parameter - operationId: getSystemSwBaseline - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SwBaselineResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - post: - tags: - - Software Baseline - summary: Add one or many software assets in a system - description: |- - Adds assets to the Software Baseline for given `systemId` - - **Request Body Required Fields** - - `softwareVendor` - - `softwareName` - - `version` - - operationId: addSwBaselineAssets - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for adding software baseline assets to an existing System (systemId) - content: - application/json: - schema: - $ref: '#/components/schemas/SwBaselineRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SwBaselineResponsePostPut' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - put: - tags: - - Software Baseline - summary: Update one or many software assets in a system - description: |- - Updates assets in the Software Baseline for given `systemId` - - **Request Body Required Fields** - - `softwareId` - - `softwareVendor` - - `softwareName` - - `version` - operationId: updateSwBaselineAssets - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for updating software baseline assets to an existing System (systemId) - content: - application/json: - schema: - $ref: '#/components/schemas/SwBaselineRequestPutBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SwBaselineResponsePostPut' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - delete: - tags: - - Software Baseline - summary: Delete one or many software assets in a system - description: |- - Remove (delete) one or multiple assets from a system Software Baseline - operationId: deleteSwBaselineAssets - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for deleting one or many Software Baseline assets - content: - application/json: - schema: - $ref: '#/components/schemas/SwBaselineRequestDeleteBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SwBaselineResponseDelete' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Device Scan Results endpoints - #---------------------------------------------------------------------------- - /api/systems/{systemId}/device-scan-results: - post: - tags: - - Device Scan Results - summary: Add device scans in a system - description: |- - - **Request Body Required Field** - - `scanType` - - Scan Type Allow Values: - -
    -
  • acasAsrArf (.zip)
  • -
  • acasNessus
  • -
  • disaStigViewerCklCklb (.ckl or .cklb)
  • -
  • disaStigViewerCmrs
  • -
  • policyAuditor (.zip)
  • -
  • scapComplianceChecker
  • -
- - - Business Rules
- - The body of a request through the Device Scan Results POST endpoint accepts a single binary file. - Specific file extensions are expected depending upon the scanType parameter. For example, .ckl or - .cklb files are accepted when using scanType is set to disaStigViewerCklCklb. - - When set to acasAsrArf or policyAuditor, a .zip file is expected which should contain a single - scan result (for example, a single pair of .asr and .arf files). Single files are expected for - all other scan types as this endpoint requires files to be uploaded consecutively as opposed to in bulk. - - Current scan types that are supported: -
    -
  • ACAS: ASR/ARF
  • -
  • ACAS: NESSUS
  • -
  • DISA STIG Viewer: CKL/CKLB
  • -
  • DISA STIG Viewer: CMRS
  • -
  • Policy Auditor
  • -
  • SCAP Compliance Checker
  • -
- - operationId: addScanResultsBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - - $ref: '#/components/parameters/scanType' - - $ref: '#/components/parameters/isBaseline' - requestBody: - description: See `Business Rules` posted above for file type. - required: true - content: - multipart/form-data: - schema: - type: object - required: - - filename - properties: - filename: - type: string - description: |- - The file to upload. Can be a single file or a .zip file. - format: binary - - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/DeviceScanResultsResponsePost' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Cloud Resource Results endpoints - #---------------------------------------------------------------------------- - /api/systems/{systemId}/cloud-resource-results: - post: - tags: - - Cloud Resource Results - summary: Add one or many cloud resources and their scan results - description: |- - Add cloud resources and their scan results in the assets module for a system `systemId` - - **Request Body Required Fields** - - `provider` - - `resourceId` - - `resourceName` - - `resourceType` - - `complianceResults` (Object Array) - - `cspPolicyDefinitionId` - - `isCompliant` - - `policyDefinitionTitle` - - **Example Request Body Required Fields** - ``` - [ - { - "provider": "provide name", - "resourceId": "resource identification", - "resourceName": "resource name", - "resourceType": "resource type", - "complianceResults": [ - { - "cspPolicyDefinitionId": "CSP policy definition identification", - "policyDefinitionTitle": "policy definition title", - "isCompliant": [true or false] - } - ] - } - ] - ``` - operationId: addCloudResourcesBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for adding cloud resources and their scan results - content: - application/json: - schema: - $ref: '#/components/schemas/CloudResourcesRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CloudResourcesResponsePost' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - delete: - tags: - - Cloud Resource Results - summary: Remove one or many cloud resources in a system - description: Removes cloud resources and their scan results in the assets module - for a system `systemId` - operationId: deleteCloudResources - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Delete the given Cloud Resource Id - content: - application/json: - schema: - $ref: '#/components/schemas/CloudResourcesDeleteBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CloudResourcesDelete' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Container Scan Results endpoints - #---------------------------------------------------------------------------- - /api/systems/{systemId}/container-scan-results: - post: - tags: - - Container Scan Results - summary: Add one or many containers and their scan results - description: |- - Add containers and their scan results in the assets module for a system `systemId`. - - **Request Body Required Fields** - - `containerId` - - `containerName` - - `time` - - `benchmarks` (Object Array) - - `benchmark` - - `results` (Object Array) - - `ruleId` - - `status` - - `lastSeen` - - **Example Request Body Required Fields** - ``` - [ - { - "containerId": "container identification", - "containerName": "container name", - "time": Datetime of scan/result (1648217219), - "benchmarks": [ - { - "benchmark": "RHEL_8_STIG", - "results": [ - { - "ruleId": "rule identification", - "status": [Pass,Fail,Other,Not Reviewed,Not Checked,Not Applicable], - "lastSeen": Unix date format (1648217219) - }, { - "ruleId": "rule identification", - "status": [Pass,Fail,Other,Not Reviewed,Not Checked,Not Applicable], - "lastSeen": Unix date format (1648217219) - } - ] - } - ] - } - ] - ```` - - operationId: addContainerSansBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for adding containers and their scan results - content: - application/json: - schema: - $ref: '#/components/schemas/ContainerScanRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ContainersResponsePost' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - delete: - tags: - - Container Scan Results - summary: Remove one or many containers in a system - description: Removes container scan resources and their scan results in the - assets module for a system `systemId` - operationId: deleteContainerSans - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Delete the given Container Scan Id - content: - application/json: - schema: - $ref: '#/components/schemas/ContainerResourcesDeleteBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ContainersResponseDelete' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Static Code Scans endpoints - #---------------------------------------------------------------------------- - /api/systems/{systemId}/static-code-scans: - post: - tags: - - Static Code Scans - summary: Upload static code scans or Clear static code scans - description: |- - Upload or clear application scan findings into a system's `systemId` assets module. - - **Request Body Required Fields** - - `application` (Object) - - `applicationName` - - `version` - - `applicationFindings` (Object Array) - - `codeCheckName` - - `count` - - `scanDate` - - `cweId` - - **NOTE:** To clear an application's findings, use only the field `clearFindings` as - the Request body and set it to true. Example: - ``` - [ - { - "application": { - "applicationName": "application name", - "version": "application version" - }, - "applicationFindings": [ - { "clearFindings": true } - ] - } - ] - ``` - operationId: addStaticCodeScansBySystemId - parameters: - - $ref: '#/components/parameters/systemId' - requestBody: - description: Example request body for adding static code scans or Clear static code scans - content: - application/json: - schema: - $ref: '#/components/schemas/StaticCodeRequestPostBody' - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/StaticCodeResponsePost' - '201': - $ref: '#/components/responses/Created' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '411': - $ref: '#/components/responses/LengthRequired' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Workflow Definitions endpoints - #---------------------------------------------------------------------------- - /api/workflows/definitions: - get: - tags: - - Workflow Definitions - summary: Get workflow definitions in a site - description: |- - View all workflow schemas available on the eMASS instance filtered by - status `includeInactive` and registration type `registrationType`. - operationId: getWorkflowDefinitions - parameters: - - $ref: '#/components/parameters/includeInactive' - - $ref: '#/components/parameters/registrationType' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/WorkflowDefinitionResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Workflow Instances endpoints - #---------------------------------------------------------------------------- - /api/workflows/instances: - get: - tags: - - Workflow Instances - summary: Get workflow instances in a site - description: View detailed information on all active and historical workflows - filtered by provided parameters. - operationId: getSystemWorkflowInstances - parameters: - - $ref: '#/components/parameters/includeComments' - - $ref: '#/components/parameters/includeDecommissionSystems' - - $ref: '#/components/parameters/workFlowPageIndex' - - $ref: '#/components/parameters/optionalSinceDate' - - $ref: '#/components/parameters/status' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/WorkflowInstancesResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/workflows/instances/{workflowInstanceId}: - get: - tags: - - Workflow Instances - summary: Get workflow instance by ID - description: View detailed historical workflow information for `workflowInstanceId`. - operationId: getSystemWorkflowInstancesByWorkflowInstanceId - parameters: - - $ref: '#/components/parameters/workflowInstanceId' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/WorkflowInstanceResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # CMMC Assessments endpoints - #---------------------------------------------------------------------------- - /api/cmmc-assessments: - get: - tags: - - CMMC Assessments - summary: Get CMMC assessment information - description: |- - Get all CMMC assessment after the given date `sinceDate` parameter. It is available - to CMMC eMASS only. - operationId: getCmmcAssessments - parameters: - - $ref: '#/components/parameters/sinceDate' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CmmcResponseGet' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------# - # D A S H B O A R D S # - #---------------------------------------------------------------------------# - - #---------------------------------------------------------------------------- - # System Status Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-status-details: - get: - tags: - - System Status Dashboard - summary: System Status Details - description: Get systems status detail dashboard information. - operationId: getSystemStatusDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Terms Conditions Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-terms-conditions-summary: - get: - tags: - - System Terms/Conditions Dashboards - summary: System Terms Conditions Summary - description: Get systems terms conditions summary dashboard information. - operationId: getSystemTermsConditionsSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-terms-conditions-details: - get: - tags: - - System Terms/Conditions Dashboards - summary: System Terms Conditions Details - description: Get systems terms conditions details dashboard information. - operationId: getSystemTermsConditionsDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Connectivity/CCSD - #---------------------------------------------------------------------------- - /api/dashboards/system-connectivity-ccsd-summary: - get: - tags: - - System Connectivity/CCSD Dashboards - summary: System Connectivity/CCSD Summary - description: Get systems connectivity/CCSD summary dashboard information. - operationId: getSystemConnectivityCcsdSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-connectivity-ccsd-details: - get: - tags: - - System Connectivity/CCSD Dashboards - summary: System Connectivity/CCSD Details - description: Get systems connectivity/CCSD details dashboard information. - operationId: getSystemConnectivityCcsdDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System ATC/IATC - #---------------------------------------------------------------------------- - /api/dashboards/system-atc-iatc-details: - get: - tags: - - System ATC/IATC Dashboard - summary: System ATC/IATC Details - description: Get systems ATC/IATC details dashboard information. - operationId: getSystemAtcIatcDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - #---------------------------------------------------------------------------- - # System Questionnaire - #---------------------------------------------------------------------------- - /api/dashboards/system-questionnaire-summary: - get: - tags: - - System Questionnaire Dashboards - summary: System Questionnaire Summary - description: Get systems questionnaire summary dashboard information. - operationId: getSystemQuestionnaireSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-questionnaire-details: - get: - tags: - - System Questionnaire Dashboards - summary: System Questionnaire Details - description: Get systems questionnaire details dashboard information. - operationId: getSystemQuestionnaireDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Workflows Dashboard - #---------------------------------------------------------------------------- - /api/dashboards/system-workflows-history-summary: - get: - tags: - - System Workflows Dashboards - summary: System Workflows History Summary - description: Get systems workflow history summary dashboard information. - operationId: getSystemWorkflowsHistorySummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-workflows-history-details: - get: - tags: - - System Workflows Dashboards - summary: System Workflows History Details - description: Get systems workflow history details dashboard information. - operationId: getSystemWorkflowsHistoryDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-workflows-history-stage-details: - get: - tags: - - System Workflows Dashboards - summary: System Workflows History Stage Details - description: Get systems workflow history stage details dashboard information. - operationId: getSystemWorkflowsHistoryStageDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Security Controls Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-control-compliance-summary: - get: - tags: - - System Security Controls Dashboards - summary: System Control Compliance Summary - description: Get systems control compliance summary dashboard information. - operationId: getSystemControlComplianceSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-security-controls-details: - get: - tags: - - System Security Controls Dashboards - summary: System Control Compliance Details - description: Get systems security control details dashboard information. - operationId: getSystemSecurityControlDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-assessment-procedures-details: - get: - tags: - - System Security Controls Dashboards - summary: System Assessment Procedures Details - description: Get systems assessment procedures details dashboard information. - operationId: getSystemAssessmentProceduresDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Enterprise POA&M Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-poam-summary: - get: - tags: - - System POA&M Dashboards - summary: System POA&M Summary - description: Get systems POA&Ms summary dashboard information. - operationId: getSystemPoamSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-poam-details: - get: - tags: - - System POA&M Dashboards - summary: System POA&M Details - description: Get system POA&Ms details dashboard information. - operationId: getSystemPoamDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Artifacts Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-artifacts-summary: - get: - tags: - - System Artifacts Dashboards - summary: System Artifacts Summary - description: Get system Artifacts summary information. - operationId: getSystemArtifactsSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-artifacts-details: - get: - tags: - - System Artifacts Dashboards - summary: System Artifacts Details - description: Get system Artifacts details information. - operationId: getSystemArtifactsDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Hardware Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-hardware-summary: - get: - tags: - - System Hardware Dashboards - summary: System Hardware Summary - description: Get system hardware summary dashboard information. - operationId: getSystemHardwareSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-hardware-details: - get: - tags: - - System Hardware Dashboards - summary: System Hardware Details - description: Get system hardware details dashboard information. - operationId: getSystemHardwareDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Sensor Hardware Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-sensor-hardware-summary: - get: - tags: - - System Sensor Hardware Dashboards - summary: System Sensor Hardware Summary - description: Get system sensor hardware summary dashboard information. - operationId: getSystemSensorHardwareSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-sensor-hardware-details: - get: - tags: - - System Sensor Hardware Dashboards - summary: System Sensor Hardware Details - description: Get system sensor hardware details dashboard information. - operationId: getSystemSensorHardwareDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Software Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-software-summary: - get: - tags: - - System Software Dashboards - summary: System Software Summary - description: Get system software summary dashboard information. - operationId: getSystemSoftwareSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-software-details: - get: - tags: - - System Software Dashboards - summary: System Software Details - description: Get system software details dashboard information. - operationId: getSystemSoftwareDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Sensor Software Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-sensor-software-summary: - get: - tags: - - System Sensor Software Dashboards - summary: System Sensor Software Summary - description: Get system sensor software summary dashboard information. - operationId: getSystemSensorSoftwareSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-sensor-software-details: - get: - tags: - - System Sensor Software Dashboards - summary: System Sensor Software Details - description: Get system sensor hardsoftwareware details dashboard information. - operationId: getSystemSensorSoftwareDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-sensor-software-counts: - get: - tags: - - System Sensor Software Dashboards - summary: System Sensor Software Counts - description: Get system sensor hardsoftwareware count dashboard information. - operationId: getSystemSensorSoftwareCounts - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Ctritical Assets Dashboard - #---------------------------------------------------------------------------- - /api/dashboards/system-critical-assets-summary: - get: - tags: - - System Critical Assets Dashboard - summary: System Critical Assets Summary - description: Get system critical assets summary dashboard information. - operationId: getSystemCriticalAssetsSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Vulnerability Dashboard - #---------------------------------------------------------------------------- - /api/dashboards/system-vulnerability-summary: - get: - tags: - - System Vulnerability Dashboard - summary: System Vulnerability Summary - description: Get system vulnerability summary dashboard information. - operationId: getSystemVulnerabilitySummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Device Findings Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-device-findings-summary: - get: - tags: - - System Device Findings Dashboards - summary: System Device Findings Summary - description: Get system device findings summary dashboard information. - operationId: getSystemDeviceFindingsSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-device-findings-details: - get: - tags: - - System Device Findings Dashboards - summary: System Device Findings Details - description: Get ssystem device findings details dashboard information. - operationId: getSystemDeviceFindingsDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Application Findings Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-application-findings-summary: - get: - tags: - - System Application Findings Dashboards - summary: System Application Findings Summary - description: Get system application findings summary dashboard information. - operationId: getSystemApplicationFindingsSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-application-findings-details: - get: - tags: - - System Application Findings Dashboards - summary: System Application Findings Details - description: Get system application findings details dashboard information. - operationId: getSystemApplicationFindingsDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Ports/Protocols Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-ports-protocols-summary: - get: - tags: - - System Ports/Protocols Dashboards - summary: System Ports/Protocols Summary - description: Get system ports and protocols summary dashboard information. - operationId: getSystemPortsProtocolsSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/system-ports-protocols-details: - get: - tags: - - System Ports/Protocols Dashboards - summary: System Ports/Protocols Details - description: Get system ports and protocols details dashboard information. - operationId: getSystemPortsProtocolsDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System CONMON Integration Status Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-conmon-integration-status-summary: - get: - tags: - - System CONMON Integration Status Dashboard - summary: System CONMON Integration Status - description: Get system CONMON integration status dashboard information. - operationId: getSystemCommonIntegrationStatusSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Associations Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-associations-details: - get: - tags: - - System Associations Dashboard - summary: System Associations Details - description: Get system associations details dashboard information. - operationId: getSystemAssociationsDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # User System Assignments Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/user-system-assignments-details: - get: - tags: - - User System Assignments Dashboard - summary: User System Assignments Details - description: Get user system assignments details dashboard information. - operationId: getUserSystemAssignmentsDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Organization Migration Status Dashboard - #---------------------------------------------------------------------------- - /api/dashboards/organization-migration-status-summary: - get: - tags: - - Organization Migration Status Dashboard - summary: Organization Migration Status Summary - description: Get organization migration status summary dashboard information. - operationId: getOrganizationMigrationStatusSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Migration Status Dashboard - #---------------------------------------------------------------------------- - /api/dashboards/system-migration-status-summary: - get: - tags: - - System Migration Status Dashboard - summary: System Migration Status Summary - description: Get system migration status summary dashboard information. - operationId: getSystemMigrationStatusSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System FISMA Metrics Dashboard - #---------------------------------------------------------------------------- - /api/dashboards/system-fisma-metrics: - get: - tags: - - System FISMA Metrics Dashboard - summary: System FISMA Metrics - description: Get system FISMA metrics dashboard information. - operationId: getSystemFismaMetrics - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # Coast Guard System FISMA Metrics Dashboard - #---------------------------------------------------------------------------- - /api/dashboards/coastguard-system-fisma-metrics: - get: - tags: - - Coast Guard System FISMA Metrics Dashboard - summary: Coast Guard System FISMA Metrics - description: Get Coast Guard system FISMA metrics dashboard information. - operationId: getCoastGuardSystemFismaMetrics - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # System Privacy Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/system-privacy-summary: - get: - tags: - - System Privacy Dashboard - summary: System Privacy Summary - description: Get user system privacy summary dashboard information. - operationId: getSystemPrivacySummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # VA OMB FISMA Dashboard - #---------------------------------------------------------------------------- - /api/dashboards/va-omb-fisma-saop-summary: - get: - tags: - - VA OMB FISMA Dashboard - summary: VA OMB FISMA SAOP Summary - description: Get VA OMB-FISMA SAOP summary dashboard information. - operationId: getVaOmbFsmaSaopSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # VA System Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/va-system-icamp-tableau-poam-details: - get: - tags: - - VA System Dashboards - summary: VA System ICAMP Tableau POAM Details - description: Get VA system ICAMP Tableau POAM details dashboard information. - operationId: getVaSystemIcampTableauPoamDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/va-system-aa-summary: - get: - tags: - - VA System Dashboards - summary: VA System A&A Summary - description: Get VA system A&A summary dashboard information. - operationId: getVaSystemAaSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/va-system-a2-summary: - get: - tags: - - VA System Dashboards - summary: VA System A2.0 Summary - description: Get VA system A2.0 summary dashboard information. - operationId: getVaSystemA2Summary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/va-system-pl-109-reporting-summary: - get: - tags: - - VA System Dashboards - summary: VA System P.L. 109 Reporting Summary - description: Get VA system P.L. 109 reporting summary dashboard information. - operationId: getVaSystemPl109ReportingSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/va-system-fisma-inventory-summary: - get: - tags: - - VA System Dashboards - summary: VA System FISMA Inventory Summary - description: Get VA system FISMA inventory summary dashboard information. - operationId: getVaSystemFismaInvetorySummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/va-system-fisma-inventory-crypto-summary: - get: - tags: - - VA System Dashboards - summary: VA System FISMA Inventory Crypto Summary - description: Get VA system FISMA inventory crypto summary dashboard information. - operationId: getVaSystemFismaInvetoryCryptoSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/va-system-threat-risks-summary: - get: - tags: - - VA System Dashboards - summary: VA System Threat Risks Summary - description: Get VA system threat risk summary dashboard information. - operationId: getVaSystemThreatRiskSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/va-system-threat-sources-details: - get: - tags: - - VA System Dashboards - summary: VA System Threat Sources Details - description: Get VA system threat source details dashboard information. - operationId: getVaSystemThreatSourceDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/va-system-threat-architecture-details: - get: - tags: - - VA System Dashboards - summary: VA System Threat Architecture Details - description: Get VA system threat architecture details dashboard information. - operationId: getVaSystemThreatArchitectureDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - #---------------------------------------------------------------------------- - # CMMC Assessment Dashboards - #---------------------------------------------------------------------------- - /api/dashboards/cmmc-assessment-status-summary: - get: - tags: - - CMMC Assessment Dashboards - summary: CMMC Assessment Status Summary - description: Get CMMC assessment status summary dashboard information. - operationId: getCmmcAssessmentStatusSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/cmmc-assessment-requirements-compliance-summary: - get: - tags: - - CMMC Assessment Dashboards - summary: CMMC Assessment Requirements Compliance Summary - description: Get CMMC assessment requirements compliance summary dashboard information. - operationId: getCmmcAssessmentRequirementsComplianceSummary - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/cmmc-assessment-security-requirements-details: - get: - tags: - - CMMC Assessment Dashboards - summary: CMMC Assessment Security Requirements Details - description: Get CMMC assessment security requirements details dashboard information. - operationId: getCmmcAssessmentSecurityRequirementsDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - - /api/dashboards/cmmc-assessment-requirement-objectives-details: - get: - tags: - - CMMC Assessment Dashboards - summary: CMMC Assessment Requirement Objectives Details - description: Get CMMC assessment requirement objectives details dashboard information. - operationId: getCmmcAssessmentRequirementObjectivesDetails - parameters: - - $ref: '#/components/parameters/orgId' - - $ref: '#/components/parameters/dashboardExcludeInherited' - - $ref: '#/components/parameters/dashboardPageIndex' - - $ref: '#/components/parameters/dashboardPageSize' - responses: - '200': - $ref: '#/components/responses/DashboardResponse' - '400': - $ref: '#/components/responses/BadRequest' - '401': - $ref: '#/components/responses/Unauthorized' - '403': - $ref: '#/components/responses/Forbidden' - '404': - $ref: '#/components/responses/NotFound' - '405': - $ref: '#/components/responses/MethodNotAllowed' - '490': - $ref: '#/components/responses/APIRuleFailed' - '500': - $ref: '#/components/responses/InternalServerError' - -#------------------------------------------------------------------------------- -# C O M P O N E N T S -#------------------------------------------------------------------------------- -components: - #---------------------------------------------------------------------------- - # Parameters - #---------------------------------------------------------------------------- - parameters: - #-------------------------------------------------------------------------- - # Path - #-------------------------------------------------------------------------= - roleCategory: - name: roleCategory - in: path - description: '**Role Category**: The system role category been queried' - required: true - schema: - type: string - enum: - - CAC - - PAC - - Other - default: PAC - systemId: - name: systemId - in: path - description: '**System Id**: The unique system record identifier.' - required: true - schema: - type: integer - x-faker: random.number - example: 35 - poamId: - name: poamId - in: path - description: '**POA&M Id**: The unique POA&M record identifier.' - required: true - schema: - type: integer - x-faker: random.number - example: 45 - milestoneId: - name: milestoneId - in: path - description: '**Milestone Id**: The unique milestone record identifier.' - required: true - schema: - type: integer - x-faker: random.number - example: 77 - workflowInstanceId: - name: workflowInstanceId - in: path - description: '**Workflow Instance Id**: The unique workflow definition identifier.' - required: true - schema: - type: integer - x-faker: random.number - example: 123 - #-------------------------------------------------------------------------- - # Query - Required - #-------------------------------------------------------------------------- - role: - name: role - in: query - description: '**Role**: Accepts single value from options available at base - system-roles endpoint e.g., SCA.' - required: true - schema: - type: string - # enum: ["AO","Auditor","Artifact Manager","C&A Team","IAO","ISSO","PM/IAM","SCA","User Rep", "Validator"] - default: IAO - exportfilename: - name: filename - in: query - required: true - description: '**File Name**: The file name (to include file-extension).' - schema: - type: string - example: ArtifactsExporFile.pdf - sinceDate: - name: sinceDate - in: query - required: true - description: '**Date** CMMC date (Unix date format)' - schema: - type: string - example: '1638764040' - orgId: - name: orgId - in: query - description: '**Organization Id**: The unique organization identifier.' - required: true - schema: - type: integer - x-faker: random.number - example: 1 - scanType: - name: scanType - in: query - description: '**Scan Type**: The file scan type to upload' - required: true - schema: - type: string - enum: - - acasAsrArf - - acasNessus - - disaStigViewerCklCklb - - disaStigViewerCmrs - - policyAuditor - - scapComplianceChecker - default: disaStigViewerCklCklb - - #-------------------------------------------------------------------------- - # Query - Optional - #-------------------------------------------------------------------------- - includePackage: - name: includePackage - in: query - description: |- - **Include Package**: Indicates if additional packages information are retrieved for queried system. - If no value is specified, the default returns false to not include package information - schema: - type: boolean - x-faker: random.boolean - default: false - registrationType: - name: registrationType - in: query - description: | - **Registration Type**: Filter record by selected registration type (single value or comma delimited values). - - **Valid Options Are:** assessAndAuthorize, assessOnly, guest, regular, - functional, cloudServiceProvider, commonControlProvider, authorizationToUse, - reciprocityAcceptanc - schema: - type: string - default: regular - ditprId: - name: ditprId - in: query - description: '**DITPR ID**: Filter query by DoD Information Technology (IT) - Portfolio Repository (DITPR).' - schema: - type: string - coamsId: - name: coamsId - in: query - description: '**COAMS ID**: Filter query by Cyber Operational Attributes - Management System (COAMS).' - schema: - type: string - policy: - name: policy - in: query - description: |- - **System Policy**: Filter query by system policy. - If no value is specified, the default returns RMF policy information for dual-policy systems. - schema: - type: string - enum: - - diacap - - rmf - - reporting - default: rmf - acronyms: - name: acronyms - in: query - description: '**Acronym**: The system acronym(s) being queried (single value or - comma delimited values).' - schema: - type: string - default: PM-6 - includeDitprMetrics: - name: includeDitprMetrics - in: query - description: |- - **Include DITPR**: Indicates if DITPR metrics are retrieved. - This query string parameter cannot be used in conjunction with the following parameters: - - ditprId - - coamsId - - If no value is specified, the default returns false to not include DITPR Metrics. - schema: - type: boolean - x-faker: random.boolean - default: false - includeDecommissioned: - name: includeDecommissioned - in: query - description: |- - **Include Decommissioned Systems**: Indicates if decommissioned systems are retrieved. - If no value is specified, the default returns true to include decommissioned systems. - schema: - type: boolean - x-faker: random.boolean - default: true - reportsForScorecard: - name: reportsForScorecard - in: query - description: '**DoD Cyber Hygiene Scorecard**: Used to filter results to only - return systems that report to the DoD Cyber Hygiene Scorecard.' - schema: - type: boolean - x-faker: random.boolean - default: true - filename: - name: filename - in: query - description: '**File Name**: The file name (to include file-extension).' - schema: - type: string - example: ArtifactsExporFile.pdf - compress: - name: compress - in: query - description: '**Compress File**: Determines if returned file is compressed.' - schema: - type: boolean - x-faker: random.boolean - default: true - isBulk: - name: isBulk - in: query - description: | - **Is Bulk**: If no value is specified, the default is false, - and an individual artifact file is expected. - When set to true, a .zip file is expected which - can contain multiple artifact files. - schema: - type: boolean - x-faker: random.boolean - default: false - isBaseline: - name: isBaseline - in: query - description: | - **Is Baseline**: Indicates that the imported file represents a baseline scan that includes - all findings and results. Importing as a baseline scan, which assumes a common set of scan - policies are used when conducting a scan, will replace a device's findings for a specific - Benchmark. Applicable to ASR/ARF scans only. - schema: - type: boolean - x-faker: random.boolean - default: false - controlAcronyms: - name: controlAcronyms - in: query - description: '**Control Acronym**: Filter query by given system acronym (single - value or comma separated).' - schema: - type: string - assessmentProcedures: - name: assessmentProcedures - in: query - description: '**Assessment Procedure**: Filter query by given Security Control - Assessment Procedure (single value or comma separated).' - schema: - type: string - ccis: - name: ccis - in: query - description: '**CCI System**: Filter query by Control Correlation Identifiers - (CCIs) (single value or comma separated).' - schema: - type: string - latestOnly: - name: latestOnly - in: query - description: '**Latest Results Only**: Indicates that only the latest test - resultes are retrieved.' - schema: - type: boolean - x-faker: random.boolean - default: true - scheduledCompletionDateStart: - name: scheduledCompletionDateStart - in: query - description: '**Date Started**: Filter query by the scheduled completion start - date (Unix date format).' - schema: - type: string - scheduledCompletionDateEnd: - name: scheduledCompletionDateEnd - in: query - description: '**Date Ended**: Filter query by the scheduled completion start - date (Unix date format).' - schema: - type: string - systemOnly: - name: systemOnly - in: query - description: '**Systems Only**: Indicates that only system(s) information is - retrieved.' - schema: - type: boolean - x-faker: random.boolean - default: true - description: - name: description - in: query - description: '**Description**: Milestone description information.' - schema: - type: string - scheduledCompletionDate: - name: scheduledCompletionDate - in: query - description: '**Completion Date**: Schedule completion date for milestone (Unix - date format).' - schema: - type: string - includeInactive: - name: includeInactive - in: query - description: '**Include Inactive**: If no value is specified, the default - returns false to not include outdated workflow definitions.' - schema: - type: boolean - x-faker: random.boolean - default: true - includeComments: - name: includeComments - in: query - description: | - **Include Comments**: If no value is specified, the default returns true to not include - transition comments. - Note: Corresponds to the Comments textbox that is required at most workflow transitions. - Does not include other text input fields such as Terms / Conditions for Authorization. - schema: - type: boolean - x-faker: random.boolean - default: true - includeDecommissionSystems: - name: includeDecommissionSystems - in: query - description: | - **Include Decommission Systems**: If no value is specified, the default returns false to exclude decommissioned systems. - schema: - type: boolean - x-faker: random.boolean - default: false - workFlowPageIndex: - name: pageIndex - in: query - description: | - **Page Index**: If no value is specified, the default returns results from the first page with an index of 0. - **Note:** Pages contain 1000 workflow instances. - schema: - type: integer - default: 0 - optionalSinceDate: - name: sinceDate - in: query - description: | - **Date**: Filter on authorization/assessment date (Unix date format). - Note: Filters off the lastEditedDate field. - Note: The authorization/assessment decisions on completed workflows - can be edited for up to 30 days after the initial decision is made. - schema: - type: string - example: '1638764040' - status: - name: status - in: query - description: | - **Status**: Filter by status. - If no value is specified, the default returns all to include both active and inactive workflows. - Note: Any workflows at a current stage of Complete or Cancelled are inactive. - Ongoing workflows currently at other stages are active. - schema: - type: string - enum: - - active - - inactive - - all - default: all - dashboardExcludeInherited: - name: excludeinherited - in: query - description: | - **Exclude Inherited**: If no value is specified, the default returns false to include inherited data. - schema: - type: boolean - x-faker: random.boolean - default: false - dashboardPageIndex: - name: pageIndex - in: query - description: | - **Page Index**: If no value is specified, the default returns results from the first page with an index of 0. - schema: - type: integer - default: 0 - dashboardPageSize: - name: pageSize - in: query - description: | - **Page Size**: If no value is specified, the default returns 20000 per page. - schema: - type: integer - default: 20000 - #---------------------------------------------------------------------------- - # Schemas - #---------------------------------------------------------------------------- - schemas: - #---------------------------------------------------------------------------- - # Request Body fields for (POSTs & PUTs) - #---------------------------------------------------------------------------- - RegisterUserRequestPostBody: - required: - - user-uid - type: object - properties: - user-uid: - type: string - example: MY.USERUUID.KEY - ControlsRequestPutBody: - title: Controls Query Body - type: array - required: - - acronym - - responsibleEntities - - controlDesignation - - estimatedCompletionDate - - implementationNarrative - additionalProperties: false - items: - allOf: - - $ref: '#/components/schemas/ControlsRequiredFields' - - $ref: '#/components/schemas/ControlsConditionalFields' - - $ref: '#/components/schemas/ControlsOptionalFields' - - $ref: '#/components/schemas/ControlsReadOnlyFields' - TestResultsRequestPostBody: - title: Test Results Query Body - type: array - required: - - testedBy - - testDate - - description - - complianceStatus - - assessmentProcedure - additionalProperties: false - items: - properties: - testedBy: - type: string - description: '[Required] Last Name, First Name. 100 Characters.' - x-faker: name.findName - example: Smith, Joe - testDate: - type: integer - format: int64 - description: '[Required] Unix time format.' - example: 1638741660 - description: - type: string - description: '[Required] Include description of test result. 4000 Characters.' - example: Test result description - complianceStatus: - type: string - description: '[Required] Test result compliance status' - example: Compliant - assessmentProcedure: - type: string - description: '[Required] The Security Control Assessment Procedure being - assessed.' - example: AC-1.1 - PoamRequestPostBody: - title: Example request body to add POA&M(s) to a system (systemId) - type: array - required: - - status - - vulnerabilityDescription - - sourceIdentifyingVulnerability - - pocOrganization - - resources - additionalProperties: false - items: - allOf: - - $ref: '#/components/schemas/PoamRequiredFields' - - $ref: '#/components/schemas/PoamConditionalFields' - - $ref: '#/components/schemas/PoamOptionalFields' - - $ref: '#/components/schemas/MilestonesRequiredPost' - PoamRequestPutBody: - title: Example request body to update POA&M(s) to a system (systemId) - type: array - required: - - poamId - - displayPoamId - - status - - vulnerabilityDescription - - sourceIdentifyingVulnerability - - pocOrganization - - resources - additionalProperties: false - items: - allOf: - - $ref: '#/components/schemas/PoamIds' - - $ref: '#/components/schemas/PoamRequiredFields' - - $ref: '#/components/schemas/PoamConditionalFields' - - $ref: '#/components/schemas/PoamOptionalFields' - - $ref: '#/components/schemas/MilestonesRequiredPut' - MilestonesRequestPostBody: - title: Milestones POST Query Body - type: array - required: - - description - - scheduledCompletionDate - additionalProperties: false - items: - properties: - description: - type: string - description: '[Required] Provide a description of the milestone.' - x-faker: random.words - example: Description text - scheduledCompletionDate: - type: integer - format: int64 - description: '[Required] Unix date format.' - example: 1599644800 - MilestonesRequestPutBody: - title: Milestones PUT Query Body - type: array - required: - - milestoneId - - description - - scheduledCompletionDate - additionalProperties: false - items: - properties: - milestoneId: - type: integer - format: int64 - description: '[Required] Unique milestone identifier.' - example: 19 - description: - type: string - description: '[Required] Provide a description of the milestone.' - x-faker: random.words - example: Description text - scheduledCompletionDate: - type: integer - format: int64 - description: '[Required] Unix date format.' - example: 1599644800 - ArtifactsRequestPutBody: - title: Artifacts PUT Query Body - type: array - required: - - filename - - isTemplate - - type - - category - additionalProperties: false - items: - allOf: - - $ref: '#/components/schemas/ArtifactsRequiredFields' - - $ref: '#/components/schemas/ArtifactsOptionalFields' - CacRequestPostBody: - title: CAC POST Query Body - type: array - required: - - controlAcronym - additionalProperties: false - items: - properties: - controlAcronym: - type: string - description: '[Required] System acronym name.' - example: AC-3 - comments: - type: string - description: '[Conditional] Control Approval Chain comments - 2000 Characters.' - example: Control Approval Chain comments text. - PacRequestPostBody: - title: PAC POST Query Body - type: array - required: - - workflow - - name - - comments - additionalProperties: false - items: - properties: - workflow: - type: string - description: '[Required] The PAC workflow' - example: Assess and Authorize - name: - type: string - description: '[Required] Package name. 100 Characters.' - example: Package name text - comments: - type: string - description: '[Required] Character Limit = 4,000.' - example: Comments text. - HwBaselineRequestPostBody: - title: Example request body to add Hardware Baseline items for a system (systemId) - type: array - required: - - assetName - additionalProperties: false - items: - allOf: - - $ref: '#/components/schemas/HwBaselineRequiredFields' - - $ref: '#/components/schemas/HwBaselineConditionalFields' - - $ref: '#/components/schemas/HwBaselineOptionalFields' - HwBaselineRequestPutBody: - title: Example request body for updating Hardware Baseline items for a system (systemId) - type: array - required: - - assetName - - hardwareId - additionalProperties: false - items: - allOf: - - $ref: '#/components/schemas/HwBaselineReadOnlyFields' - - $ref: '#/components/schemas/HwBaselineRequiredFields' - - $ref: '#/components/schemas/HwBaselineOptionalFields' - - $ref: '#/components/schemas/HwBaselineConditionalFields' - SwBaselineRequestPostBody: - title: Example request body to add Software Baseline items for a system (systemId) - type: array - required: - - softwareVendor - - softwareName - - version - additionalProperties: false - items: - allOf: - - $ref: '#/components/schemas/SwBaselineRequiredFields' - - $ref: '#/components/schemas/SwBaselineConditionalFields' - - $ref: '#/components/schemas/SwBaselineOptionalFields' - SwBaselineRequestPutBody: - title: Example request body for updating Software Baseline items for a system (systemId) - type: array - required: - - softwareId - - softwareVendor - - softwareName - - version - additionalProperties: false - items: - allOf: - - $ref: '#/components/schemas/SwBaselineReadOnlyFields' - - $ref: '#/components/schemas/SwBaselineRequiredFields' - - $ref: '#/components/schemas/SwBaselineConditionalFields' - - $ref: '#/components/schemas/SwBaselineOptionalFields' - StaticCodeRequestPostBody: - title: Static Code PUT Query Body - type: object - additionalProperties: false - properties: - application: - type: object - properties: - applicationName: - type: string - description: '[Required] Name of the software application that was assessed.' - x-faker: company.companyName - example: Artemis - version: - type: string - description: '[Required] The version of the application.' - x-faker: system.semver - example: Version 5.0 - applicationFindings: - type: array - items: - $ref: '#/components/schemas/StaticCodeApplicationPost' - CloudResourcesRequestPostBody: - title: Cloude Resource POST Request Body - type: array - required: - - provider - - resourceId - - resourceName - - resourceType - additionalProperties: false - items: - properties: - # Required Fields - provider: - type: string - description: '[Required] Cloud service provider name' - example: azure - resourceId: - type: string - description: '[Required] Unique identifier/resource namespace for policy - compliance result' - example: /subscriptions/123456789/sample/resource/namespace/default - resourceName: - type: string - description: '[Required] Friendly name of Cloud resource' - example: Storage Resource - resourceType: - type: string - description: '[Required] Type of Cloud resource' - example: Microsoft.storage.table - # Optional Fields - initiatedBy: - type: string - description: '[Optional] Email of POC' - example: john.doe.ctr@mail.mil - cspAccountId: - type: string - description: '[Optional] System/owner''s CSP account ID/number' - example: '123456789' - cspRegion: - type: string - description: '[Optional] CSP region of system' - example: useast2 - isBaseline: - type: boolean - description: '[Optional] True/false flag for providing results as baseline. If - true, all existing compliance results for the resourceId will be - replaced by results in the current call' - example: true - # Optional object - tags: - type: object - description: '[Optional] Informational tags associated to results for other - metadata' - properties: - test: - type: string - example: testtag - # Required object array with required and optional Fields - complianceResults: - type: array - required: - - cspPolicyDefinitionId - - policyDefinitionTitle - - isCompliant - items: - properties: - # Required Fields - cspPolicyDefinitionId: - type: string - description: '[Required] Unique identifier/compliance namespace for - CSP/Resource''s policy definition/compliance check' - example: /providers/sample/policy/namespace/au11_policy - policyDefinitionTitle: - type: string - description: '[Required] Friendly policy/compliance check title. Recommend short - title' - example: AU-11 - Audit Record Retention - isCompliant: - type: boolean - description: '[Required] Compliance status of the policy for the identified - cloud resource' - example: false - # Optional Fields - complianceCheckTimestamp: - type: integer - format: int64 - description: '[Optional] Unix date format' - example: 1644003780 - control: - type: string - description: '[Optional] Comma separated correlation to Security Control (e.g. - exact NIST Control acronym)' - example: AU-11 - assessmentProcedure: - type: string - description: '[Optional] Comma separated correlation to Assessment Procedure - (i.e. CCI number for DoD Control Set)' - example: 000167,000168 - complianceReason: - type: string - description: '[Optional] Reason/comments for compliance result' - example: retention period not configured - policyDeploymentName: - type: string - description: '[Optional] Name of policy deployment' - example: testDeployment - policyDeploymentVersion: - type: string - description: '[Optional] Version of policy deployment' - example: 1.0.0 - severity: - type: string - description: '[Optional] Severity value' - example: High - enum: - - Low - - Medium - - High - - Critical - ContainerScanRequestPostBody: - title: Containers POST Request Body - type: array - required: - - containerId - - containerName - - time - additionalProperties: false - items: - properties: - # Required Fields - containerId: - type: string - description: '[Required] Unique identifier of the container' - example: 157ac21c-49b4-4faf-a4ac-bfefd869ba3b - containerName: - type: string - description: '[Required] Friendly name of the container' - example: command-control - time: - type: integer - format: int64 - description: '[Required] Datetime of scan/result. Unix date format' - example: 1648217219 - # Optional Fields - podName: - type: string - description: '[Optional] Name of pod (e.g. Kubernetes pod)' - example: command-control-955596ffc - podIp: - type: string - description: '[Optional] IP address of pod' - example: 1.1.1.101 - namespace: - type: string - description: '[Optional] Namespace of container in container orchestration (e.g. - Kubernetes namespace)' - example: command-control - # Optional Object - tags: - type: object - description: '[Optional] Informational tags associated to results for other - metadata' - properties: - test: - type: string - example: testtag - # Required object array with required and optional Fields - benchmarks: - type: array - required: - - benchmark - items: - properties: - # Required Fields - benchmark: - type: string - description: '[Required] Identifier of the benchmark/grouping of compliance - results. (e.g. for STIG results, provide the benchmark id - for the STIG technology)' - example: RHEL_8_STIG - # Optional Fields - isBaseline: - type: boolean - description: '[Optional] True/false flag for providing results as baseline. If - true, all existing compliance results for the provided - benchmark within the container will be replaced by results - in the current call' - example: false - version: - type: integer - format: int64 - nullable: true - description: '[Optional] The benchmark version.' - x-faker: random.number - example: 2 - release: - type: integer - format: int64 - nullable: true - description: '[Optional] The benchmark release.' - x-faker: random.number - example: 4 - # Required object array with required and optional Fields - results: - type: array - required: - - ruleId - - status - - lastSeen - items: - properties: - # Required Fields - ruleId: - type: string - description: '[Required] Identifier for the compliance result, vulnerability, - etc. the result is for' - example: SV-230221r743913_rule - status: - type: string - description: '[Required] Benchmark result status' - example: Pass - enum: - - Pass - - Fail - - Other - - Not Reviewed - - Not Checked - - Not Applicable - lastSeen: - type: integer - format: int64 - description: Date last seen, Unix date format - example: 1648217219 - # Optional Fields - message: - type: string - description: '[Optional] Comments for the result' - example: test message - - #---------------------------------------------------------------------------- - # Request Body supporting fields for (POSTs & PUTs) - #---------------------------------------------------------------------------- - MilestonesRequiredPost: - properties: - milestones: - type: array - items: - type: object - required: - - description - - scheduledCompletionDate - additionalProperties: false - properties: - description: - type: string - description: '[Required] Include milestone description.' - x-faker: random.words - example: Description text - scheduledCompletionDate: - type: integer - format: int64 - description: '[Required] Required for ongoing and completed POA&M items. Unix - time format.' - example: 1599644800 - MilestonesRequiredPut: - properties: - milestones: - type: array - items: - type: object - required: - - description - - scheduledCompletionDate - - isActive - additionalProperties: false - properties: - description: - type: string - description: '[Required] Include milestone description.' - x-faker: random.words - example: Description text - scheduledCompletionDate: - type: integer - format: int64 - description: '[Required] Required for ongoing and completed POA&M items. Unix - time format.' - example: 1599644800 - isActive: - type: boolean - description: '[Conditional] Optionally used in PUT to delete milestones when updating a POA&M.' - x-faker: random.boolean - example: true - StaticCodeApplicationPost: - title: Static Code Application POST object" - type: object - additionalProperties: false - properties: - rawSeverity: - type: string - description: '[Optional] Scan vulnerability ratting' - enum: - - Low - - Medium - - Moderate - - High - - Critical - example: Moderate - codeCheckName: - type: string - description: '[Required] Name of the software vulnerability or weakness.' - x-faker: - random.arrayElement: - - - Hidden Field - - Redundant Check - - Invalid Field - - Vulnerable Field - example: Hidden Field - count: - type: integer - format: int64 - description: '[Required] Number of instances observed for a specified finding.' - x-faker: random.number - example: 14 - scanDate: - type: integer - format: int64 - description: '[Required] The date of the scan. Unix date format.' - example: 1625070000 - cweId: - type: string - description: '[Required] The Common Weakness Enumerator (CWE) identifier.' - x-faker: number.number - example: '155' - clearFindings: - type: boolean - description: '[Optional] When used by itself, can clear out all application - findings for a single application/version pairing.' - x-faker: random.boolean - example: false - - #---------------------------------------------------------------------------- - # Request Body fields for (DELETE) - #---------------------------------------------------------------------------- - PoamRequestDeleteBody: - title: DeletePoams - type: array - items: - type: object - additionalProperties: false - properties: - poamId: - type: integer - format: int64 - description: '[Required] Unique item identifier' - example: 45 - MilestonesRequestDeleteBody: - title: DeletePoams - type: array - items: - type: object - additionalProperties: false - properties: - milestoneId: - type: integer - format: int64 - description: '[Required] Unique item identifier' - example: 19 - ArtifactsRequestDeleteBody: - title: DeleteArtifacts - type: array - items: - type: object - additionalProperties: false - properties: - filename: - type: string - description: '[Required] File name should match exactly one file within the - provided zip file. 1000 Characters.' - x-faker: system.commonFileName - example: AutorizationGuidance.pdf - HwBaselineRequestDeleteBody: - title: DeleteHwBaselines - type: array - items: - type: object - additionalProperties: false - properties: - hardwareId: - type: string - example: '0da80542-daa0-4170-85ce-551bcaf4be15' - SwBaselineRequestDeleteBody: - title: DeleteSwBaselines - type: array - items: - type: object - additionalProperties: false - properties: - softwareId: - type: string - example: '171fc7d0-6957-4f54-bd51-3b7cbc6c39d5' - CloudResourcesDeleteBody: - title: DeleteCloudResources - type: array - items: - type: object - additionalProperties: false - properties: - resourceId: - type: string - description: '[Required] Unique item identifier' - example: /subscriptions/123456789/sample/resource/namespace/default - ContainerResourcesDeleteBody: - title: DeleteContainerResources - type: array - items: - type: object - additionalProperties: false - properties: - containerId: - type: string - description: '[Required] Unique item identifier' - example: 157ac21c-49b4-4faf-a4ac-bfefd869ba3b - - #---------------------------------------------------------------------------- - # 200 Responses for (GET, POST, PUT, and DELETE) - #---------------------------------------------------------------------------- - Test: - title: api GET response schema - type: object - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: object - additionalProperties: false - properties: - success: - type: boolean - x-faker: random.boolean - example: true - Register: - title: api-key POST response schema - type: object - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: object - additionalProperties: false - properties: - apikey: - type: string - x-faker: random.uuid - example: f0126b6b-f232-45c9-a8de-01d5f003deda - SystemResponse: - title: System GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - $ref: '#/components/schemas/Systems' - SystemsResponse: - title: Systems GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/Systems' - SystemRolesResponse: - title: Roles GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - type: object - properties: - roleCategory: - type: string - x-faker: random.word - default: PAC - role: - type: string - x-faker: random.words - default: PM/IAM - SystemRolesCategoryResponse: - title: Roles by category GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - nullable: true - items: - $ref: '#/components/schemas/RoleCategory' - ControlsResponseGet: - title: Controls GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - nullable: true - items: - allOf: - - $ref: '#/components/schemas/ControlsIds' - - $ref: '#/components/schemas/ControlsRequiredFields' - - $ref: '#/components/schemas/ControlsConditionalFields' - - $ref: '#/components/schemas/ControlsOptionalFields' - - $ref: '#/components/schemas/ControlsReadOnlyFields' - ControlsResponsePut: - title: Controls PUT response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/ControlsPut' - TestResultsResponseGet: - title: Test Results GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/TestResultsGet' - TestResultsResponsePost: - title: Test Results POST response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/TestResultsPost' - PoamResponseGetSystems: - title: POAMS GET 'Systems' response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - allOf: - - $ref: '#/components/schemas/PoamIds' - - $ref: '#/components/schemas/PoamRequiredFields' - - $ref: '#/components/schemas/PoamConditionalFields' - - $ref: '#/components/schemas/MilestonesFields' - - $ref: '#/components/schemas/PoamOptionalFields' - - $ref: '#/components/schemas/PoamReadOnlyFields' - PoamResponseGetPoams: - title: POAMS GET 'Poam' response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - allOf: - - $ref: '#/components/schemas/PoamIds' - - $ref: '#/components/schemas/PoamRequiredFields' - - $ref: '#/components/schemas/PoamReadOnlyFields' - - $ref: '#/components/schemas/PoamOptionalFields' - - $ref: '#/components/schemas/PoamConditionalFields' - - $ref: '#/components/schemas/MilestonesFields' - PoamResponsePostPutDelete: - title: POAMS POST, PUT, DELETE response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/PoamPostPutDel' - MilestoneResponseGet: - title: Milestones GET (return array) response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/MilestonesGet' - MilestoneResponseGetMilestone: - title: Milestones GET (return object) response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - $ref: '#/components/schemas/MilestonesGet' - MilestoneResponsePost: - title: Milestones POST response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/MilestonesPutPostDelete' - MilestoneResponsePut: - title: Milestones PUT response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/MilestonesPutPostDelete' - MilestoneResponseDelete: - title: Milestones DELETE response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/MilestonesPutPostDelete' - ArtifactsResponseGet: - title: Artifacts GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - allOf: - - $ref: '#/components/schemas/ArtifactsIds' - - $ref: '#/components/schemas/ArtifactsRequiredFields' - - $ref: '#/components/schemas/ArtifactsReadOnlyFields' - - $ref: '#/components/schemas/ArtifactsOptionalFields' - ArtifactsResponseDel: - title: Artifacts DELETE response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - additionalProperties: false - properties: - filename: - type: string - description: '[Required] File name should match exactly one file within the - provided zip file. 1000 Characters.' - x-faker: system.commonFileName - example: AutorizationGuidance.pdf - success: - type: boolean - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - x-faker: random.number - example: 35 - ArtifactsResponsePutPost: - title: Artifacts POST and PUT response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - type: object - additionalProperties: false - properties: - filename: - type: string - description: '[Required] File name should match exactly one file within the - provided zip file. 1000 Characters.' - x-faker: system.commonFileName - example: AutorizationGuidance.pdf - success: - type: boolean - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - x-faker: random.number - example: 35 - errors: - $ref: '#/components/schemas/Errors' - CacResponseGet: - title: CAC GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/CacGet' - CacResponsePost: - title: CAC POST response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - type: object - additionalProperties: false - properties: - controlAcronym: - type: string - description: '[Required] System acronym name.' - x-faker: - random.arrayElement: - - - AC-1 - - AC-2 - - S-1 - - S-23 - - SI-16 - - SI-56 - - UA-16 - - SI-4(11) - example: AC-3 - success: - type: boolean - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - x-faker: random.number - example: 35 - errors: - $ref: '#/components/schemas/Errors' - PacResponseGet: - title: PAC GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - nullable: true - items: - $ref: '#/components/schemas/PacGet' - PacResponsePost: - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/PacPost' - HwBaselineResponseGet: - title: Hardware Baseline GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - allOf: - - $ref: '#/components/schemas/HwBaselineIds' - - $ref: '#/components/schemas/HwBaselineReadOnlyFields' - - $ref: '#/components/schemas/HwBaselineRequiredFields' - - $ref: '#/components/schemas/HwBaselineOptionalFields' - - $ref: '#/components/schemas/HwBaselineConditionalFields' - pagination: - $ref: '#/components/schemas/Pagination' - HwBaselineResponsePostPut: - title: Hardware Baseline POST response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - type: object - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - x-faker: random.number - example: 75 - hardwareId: - type: string - x-faker: random.uuid - example: 0bcaba59-a4f4-4918-a267-aedee3ea750d - success: - type: boolean - x-faker: random.boolean - example: true - errors: - $ref: '#/components/schemas/Errors' - HwBaselineResponseDelete: - title: Hardware Baseline DELETE response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - x-faker: random.number - example: 75 - hardwareId: - type: string - example: '0da80542-daa0-4170-85ce-551bcaf4be15' - success: - type: boolean - x-faker: random.boolean - example: true - errors: - $ref: '#/components/schemas/Errors' - SwBaselineResponseGet: - title: Software Baseline GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - allOf: - - $ref: '#/components/schemas/SwBaselineIds' - - $ref: '#/components/schemas/SwBaselineReadOnlyFields' - - $ref: '#/components/schemas/SwBaselineRequiredFields' - - $ref: '#/components/schemas/SwBaselineOptionalFields' - pagination: - $ref: '#/components/schemas/Pagination' - SwBaselineResponsePostPut: - title: Software Baseline POST response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - type: object - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - x-faker: random.number - example: 85 - softwareId: - type: string - x-faker: random.uuid - example: 0bcaba59-a4f4-4918-a267-aedee3ea750d - success: - type: boolean - x-faker: random.boolean - example: true - errors: - $ref: '#/components/schemas/Errors' - SwBaselineResponseDelete: - title: Software Baseline DELETE response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - x-faker: random.number - example: 85 - softwareId: - type: string - example: '171fc7d0-6957-4f54-bd51-3b7cbc6c39d5' - success: - type: boolean - x-faker: random.boolean - example: true - errors: - $ref: '#/components/schemas/Errors' - DeviceScanResultsResponsePost: - title: Device Scan POST response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - type: object - additionalProperties: false - properties: - filename: - type: string - description: '[Required] single binary file. Specific file extensions - are expected depending upon the scanType parameter.' - x-faker: system.commonFileName - example: MySystemEntityScan.ckl - assetsImported: - type: integer - format: int64 - description: 'Number of assets imported from the scan file.' - x-faker: random.number - example: 1 - success: - type: boolean - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - x-faker: random.number - example: 35 - errors: - $ref: '#/components/schemas/Errors' - StaticCodeResponsePost: - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/StaticCodePost' - CloudResourcesResponsePost: - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/CloudResourcesPostDelete' - CloudResourcesDelete: - title: Cloud Resource DELETE response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/CloudResourcesPostDelete' - ContainersResponsePost: - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/ContainersResourcesPostDelete' - ContainersResponseDelete: - title: Container Resource DELETE response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/ContainersResourcesPostDelete' - CmmcResponseGet: - title: CMMC GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/CmmcGet' - WorkflowDefinitionResponseGet: - title: Workflow Definition GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/WorkflowDefinitionGet' - WorkflowInstancesResponseGet: - title: Workflow Instances GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - $ref: '#/components/schemas/WorkflowInstanceGet' - pagination: - type: object - properties: - totalCount: - type: integer - x-faker: random.number - example: 12 - totalPages: - type: integer - x-faker: random.number - example: 2 - prevPageUrl: - type: string - x-faker: - random.arrayElement: - - - https://my.endpoint.url.org/previousPage - example: https://my.endpoint.url.org/previousPage - nextPageUrl: - type: string - x-faker: - random.arrayElement: - - - https://my.endpoint.url.org/nextPage - example: https://my.endpoint.url.org/nextPage - WorkflowInstanceResponseGet: - title: Workflow Instances GET response schema - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - $ref: '#/components/schemas/WorkflowInstanceGet' - - #---------------------------------------------------------------------------- - # Supporting 200 Responses - Endpoint responses, returned values - #---------------------------------------------------------------------------- - Systems: - title: Systems - return query from the server for the GET call - type: object - additionalProperties: false - properties: - registrationCompletionDate: - type: integer - nullable: true - description: '[Read-Only] Date the system was registered into eMASS.' - x-faker: - random.number: 1234567890 - example: 1638741770 - systemLifeCycleAcquisitionPhase: - type: string - nullable: true - description: '[Read-Only] Identifies the current System Acquisition Phase for - programs of record.' - x-faker: company.bsBuzz - example: Pre-Milestone A - specialType: - type: string - nullable: true - description: '[Read-Only] Lists applicable tracking indicator(s).' - x-faker: company.catchPhraseNoun - example: Special Type 1 - specialTypeDescription: - type: string - nullable: true - description: '[Read-Only] Provides a brief reason for any tracking indicator(s) - selected.' - x-faker: company.catchPhraseDescriptor - example: Test Special Type Description - missionPortfolio: - type: string - nullable: true - description: '[Read-Only] Identifies the appropriate portfolio or capability - area. Navy only.' - x-faker: hacker.phrase - example: Not Applicable - isNNPI: - type: boolean - nullable: true - description: '[Read-Only] Indicates whether Naval Nuclear Propulsion Information - (NNPI) is stored, disseminated, or processed through this system. - Navy only.' - x-faker: random.boolean - example: false - isRBC: - type: boolean - nullable: true - description: '[Read-Only] Indicates whether the system is pursuing an RBC - authorization. Navy only.' - x-faker: random.boolean - example: false - isWaiver: - type: boolean - nullable: true - description: '[Read-Only] Indicates if the system has a waiver from OPNAV N2N6G - (DDCIO(N)) to proceed with a DIACAP accreditation. Navy and DIACAP - only.' - x-faker: random.boolean - example: true - programOffice: - type: string - nullable: true - description: '[Read-Only] The system record''s Program Office. Navy only.' - x-faker: name.jobTitle - example: Test Program Office - vramId: - type: string - nullable: true - description: '[Read-Only] Vulnerability Remediation Asset Manager (VRAM) - identification number. "N/A" indicates the system record is not - currently registered in VRAM. Navy only.' - x-faker: system.semver - example: '12345' - systemId: - type: integer - format: int64 - description: '[Read-only] Unique system record identifier.' - x-faker: random.number - example: 33 - policy: - type: string - nullable: true - description: '[Read-only] RMF/DIACAP Policy identifier for the system record.' - example: RMF - enum: - - RMF - - DIACAP - registrationType: - type: string - nullable: true - description: '[Read-Only] Registration type of the system record. Values include - (assessAndAuthorize, assessOnly, guest, regular, functional, - cloudServiceProvider.)' - enum: - - Assess and Authorize - - Assess Only - - Guest - - Regular - - Functional - - Cloud Service Provider - - Authorization To Use - example: Assess and Authorize - name: - type: string - nullable: true - description: '[Read-only] Name of the system record.' - x-faker: company.companyName - example: System XYZ - acronym: - type: string - nullable: true - description: '[Read-only] Acronym of the system record.' - x-faker: - random.arrayElement: - - - AC-1 - - AC-2 - - S-1 - - S-23 - - SI-16 - - SI-56 - - UA-16 - - SI-4(11) - example: PM-6 - description: - type: string - nullable: true - description: '[Read-only] Description of the system record.' - x-faker: random.words - example: This is a test system for the eMASS API documentation - instance: - type: string - nullable: true - description: '[Read-Only] Name of the top-level component that owns the system.' - x-faker: company.companySuffix - example: Navy - owningOrganization: - type: string - nullable: true - description: '[Read-Only] Owning organization of the system record. Values match - the eMASS instance Organizational Hierarchy.' - x-faker: company.companyName - example: Defense Information Systems Agency - secondaryOrganization: - type: string - nullable: true - description: '[Read-only] Secondary organization that owns the system record - (i.e. Sub-Organization-level.' - x-faker: company.companyName - example: ID31 - versionReleaseNo: - type: string - nullable: true - description: '[Read-only] Version/Release Number of system record.' - x-faker: system.semver - example: V1 - systemType: - type: string - nullable: true - description: '[Read-only] Type of the system record. RMF values include the - following options (IS Major Application, IS Enclave, Platform IT - System). DIACAP values include the following options (Platform IT - Interconnection, AIS Application, Outsourced IT-Based Process - (DoD-controlled), Enclave, Outsourced IT-Based Process (service - provider shared))' - enum: - - IS Major Application - - IS Enclave - - Platform IT - - Platform IT System - - Platform IT Interconnection - - AIS Application - - Outsourced IT-Based Process (DoD-controlled) - - Enclave - - Outsourced IT-Based Process (service provider shared) - example: IS Major Application - isNSS: - type: boolean - nullable: true - description: '[Read-only] Is the system record a National Security System?' - x-faker: random.boolean - example: true - isPublicFacing: - type: boolean - nullable: true - description: '[Read-only] Does the system record have a public facing - component/presence.' - x-faker: random.boolean - example: true - coamsId: - type: integer - format: int64 - nullable: true - description: '[Read-only] Corresponding Cyber Operational Attributes Management - System (COAMS) identifier for the system record.' - example: 93054 - isTypeAuthorization: - type: boolean - nullable: true - description: '[Read-only] Identifies if system is a Type Authorization.' - x-faker: random.boolean - example: true - ditprId: - type: string - description: '[Read-only] DITPR ID of the system record.' - x-faker: system.semver - example: '30498' - apmsId: - type: string - nullable: true - description: '[Read-Only] Same field as ditprId but displays as apmsId for Army - only.' - x-faker: random.alphaNumeric - example: '30498' - vasiId: - type: string - nullable: true - description: '[Read-Only] Same field as ditprId but displays as vasiId for VA - only.' - x-faker: random.alphaNumeric - example: '30498' - authorizationStatus: - type: string - nullable: true - description: '[Read-only] Authorization Status of the system record.' - x-faker: - random.arrayElement: - - - Authorization to Operate (ATO) - - Authorization to Operate with Conditions (ATO w/Conditions) - - Interim Authorization to Test (IATT) - - Denied Authorization to Operate (DATO) - - Not Yet Authorized - - Decommissioned - - Authorization to Operate (ATO) - - Interim Authorization to Operate (IATO) - - Interim Authorization to Test (IATT) - - Denied Authorization to Operate (DATO) - - Unaccredited - - Decommissioned - example: Not Yet Authorized - authorizationDate: - type: integer - nullable: true - description: '[Read-only] Authorization Date of the system record.' - x-faker: - random.number: 1234567890 - example: 1638741660 - authorizationTerminationDate: - type: integer - nullable: true - description: '[Read-only] Authorization Termination Date of the system record.' - x-faker: - random.number: 1234567890 - example: 1638741660 - authorizationLength: - type: integer - nullable: true - description: '[Read-only] Length of system''s Authorization. Calculated based - off of Authorization Date & Authorization Termination Date.' - minimum: 28 - maximum: 1825 - example: 365 - securityControlsAssessorExecutiveSummary: - type: string - nullable: true - description: '[Read-Only] Document an assessment of overall cybersecurity - risk (Very Low, Low, Moderate, High, Very High) and identify the key - drivers for assessment.' - x-faker: company.catchPhrase - example: Executive Summary of the system's Security Controls Assessor - riskReviewExecutiveSummary: - type: string - nullable: true - description: '[Read-Only] Document an assessment of overall cybersecurity - risk (Very Low, Low, Moderate, High, Very High) and identify the key - drivers for assessment. VA only' - x-faker: company.catchPhrase - example: Executive Summary of the system's Risk Review - termsForAuth: - type: string - nullable: true - description: '[Read-only] Terms/Conditions for receiving and maintaining the - system''s Authorization. Assigned by the Authorizing Official.' - x-faker: company.bs - example: Terms/Conditions to maintain a valid ATO - securityPlanApprovalStatus: - type: string - nullable: true - description: '[Read-only] Status of the approval of the system''s RMF Security - Plan. Values include the following options (Approved, Denied, Not - Yet Approved).' - enum: - - Approved - - Not Yet Approved - - Denied - example: Approved - securityPlanApprovalDate: - type: integer - nullable: true - description: '[Read-only] Approval date of the system''s RMF Security Plan.' - x-faker: - random.number: 1234567890 - example: 1638741660 - missionCriticality: - type: string - nullable: true - description: '[Read-only] Mission Criticality of the system record.' - x-faker: random.words - example: Mission Support (MS) - geographicalAssociation: - type: string - nullable: true - description: '[Read-only] Geographical Association of the system record.' - x-faker: random.words - example: VA Operated IS - systemOwnershipControlled: - type: string - nullable: true - description: '[Read-only] Ownership of the system record.' - x-faker: commerce.productName - example: Region 1 - governingMissionArea: - type: string - nullable: true - description: '[Read-only] Governing Mission Area of the system record.' - x-fakes: radom.words - example: DoD portion of the Intelligence MA (DIMA) - primaryFunctionalArea: - type: string - nullable: true - description: '[Read-only] Primary functional area of the system record.' - x-faker: - random.arrayElement: - - - Allies - - CBRNE - - Civilian Personnel & Readiness - - Command and Control - - Communications - - Communications Security (COMSEC) - - Economic - - Environmental Security - - Facilities - - Finance - - Health/Medical - - Human Resources - - Information Management - - Inspector General - - Intelligence - - Logistics - - Military Personnel and Readiness - - Nuclear - - Nuclear, Chemical, and Biological - - Operations - - Personnel and Readiness - - Procurement/Acquisition - - Reserve Components - - Scientific and Engineering - - Space and Weather - - Test and Evaluation - - Trainers - - Weapons - - Legal - - Transportation - - Not Applicable (N/A) - - Integration and Testing - example: Health/Medical - secondaryFunctionalArea: - type: string - nullable: true - description: '[Read-only] Secondary functional area of the system record.' - x-faker: - random.arrayElement: - - - Allies - - CBRNE - - Civilian Personnel & Readiness - - Command and Control - - Communications - - Communications Security (COMSEC) - - Economic - - Environmental Security - - Facilities - - Finance - - Health/Medical - - Human Resources - - Information Management - - Inspector General - - Intelligence - - Logistics - - Military Personnel and Readiness - - Nuclear - - Nuclear, Chemical, and Biological - - Operations - - Personnel and Readiness - - Procurement/Acquisition - - Reserve Components - - Scientific and Engineering - - Space and Weather - - Test and Evaluation - - Trainers - - Weapons - - Legal - - Transportation - - Not Applicable (N/A) - - Integration and Testing - example: Logistics - primaryControlSet: - type: string - nullable: true - description: '[Read-only] Primary Control Set of the system record. RMF values - include the following options (NIST SP 800-53 Revision 4), DIACAP - values include the following options (DoDI 8500.2)' - enum: - - NIST SP 800-53 Revision 4 - - DoDI 8500.2 - example: NIST SP 800-53 Revision 4 - confidentiality: - type: string - nullable: true - description: '[Read-only] Confidentiality of the system record. RMF values - include the following options (High, Moderate, Low)' - enum: - - High - - Moderate - - Low - example: Low - integrity: - type: string - nullable: true - description: '[Read-only] Integrity of the system record. RMF values include the - following options (High, Moderate, Low)' - enum: - - High - - Moderate - - Low - example: Moderate - availability: - type: string - nullable: true - description: '[Read-only] Availability of the system record. RMF values include - the following options (High, Moderate, Low)' - enum: - - High - - Moderate - - Low - example: High - appliedOverlays: - type: string - nullable: true - description: '[Read-only] Overlays applied to the system record. Multiple values - are separated by semi-colon '';''.' - x-faker: - random.arrayElement: - - - Classified Information - - Privacy - - Public - - Unclassified Information - - Classified Information; Privacy - - Unclassified Information; Public - example: Classified Information; Privacy - appliedStigs: - type: string - nullable: true - description: '[Read-only] The STIG''s applied to the system record.' - x-faker: - random.arrayElement: - - - A10_Networks_ADC_ALG_STIG - - Active_Directory_Domain - example: Active_Directory_Domain - rmfActivity: - type: string - nullable: true - description: '[Read-only] RMF Activity of the system record.' - x-faker: - random.arrayElement: - - - Initiate and plan C&A - - Initiate and plan cybersecurity Assessment Authorization - - Implement and validate assigned security controls - - Make assessment determination and authorization decision - - Maintain ATO and conduct reviews - - Decommission - example: Maintain ATO and conduct reviews - crossDomainTicket: - type: string - nullable: true - description: '[Read-only] Cross Domain Tickets of the system record.' - x-faker: random.words - example: Cross Domain Ticket test - ditprDonId: - type: string - nullable: true - description: '[Read-Only] DITPR-DON identifier of the system record.' - x-faker: random.alphaNumeric - example: 5910, 1234, 8765 - mac: - type: string - nullable: true - description: '[Read-Only] MAC level of the system record.' - enum: - - I - - II - - III - example: II - dodConfidentiality: - type: string - nullable: true - description: '[Read-Only] DoD Confidentiality level of the system record.' - enum: - - Public - - Sensitive - - Classified - example: Public - contingencyPlanRequired: - type: boolean - nullable: true - description: '[Read-Only] Is there a Contingency Plan in place for this system - that addresses disruptions in operations?' - x-faker: random.boolean - example: true - contingencyPlanArtifact: - type: string - nullable: true - description: '[Read-Only] Filename of the system''s Contingency Plan artifact.' - x-faker: system.commonFileName - example: ContingencyPlanTest.pdf - contingencyPlanTested: - type: boolean - nullable: true - description: '[Read-only] Has the system record''s Contingency Plan been tested?' - x-faker: random.boolean - example: true - contingencyPlanTestDate: - type: integer - nullable: true - description: '[Read-only] Date the system record''s Contingency Plan was tested.' - x-faker: - random.number: 1234567890 - example: 1426957321 - securityReviewRequired: - type: boolean - nullable: true - description: '[Read-Only] Is the system required to complete a Security Review?' - x-faker: random.boolean - example: true - securityReviewCompleted: - type: boolean - nullable: true - description: '[Read-Only] Has a Security Review been completed for this system?' - x-faker: random.boolean - example: true - securityReviewCompletionDate: - type: integer - nullable: true - description: '[Read-Only] Date of the system''s latest security review or annual - assessment.' - x-faker: - random.number: 1234567890 - example: 1531958400 - nextSecurityReviewDueDate: - type: integer - nullable: true - description: '[Read-Only] Date when the system''s next security review or annual - assessment is due by.' - x-faker: - random.number: 1234567890 - example: 1526957321 - hasOpenPoamItem: - type: boolean - nullable: true - description: '[Read-Only] Does the system record have an Ongoing or Risk - Accepted POA&M Item?' - x-faker: random.boolean - example: true - hasOpenPoamItem90to120PastScheduledCompletionDate: - type: boolean - nullable: true - description: '[Read-Only] Does the system record have an Ongoing or Risk - Accepted POA&M Item 90 to 120 days past its Scheduled Completion - Date?' - x-faker: random.boolean - example: false - hasOpenPoamItem120PlusPastScheudledCompletionDate: - type: boolean - nullable: true - description: '[Read-Only] Does the system record have an Ongoing or Risk - Accepted POA&M Item 120 days past its Scheduled Completion Date?' - x-faker: random.boolean - example: false - impact: - type: string - nullable: true - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - enum: - - Low - - Moderate - - High - example: Low - hasCUI: - type: boolean - nullable: true - description: '[Read-only] Does the system record contain and/or process - Controlled Unclassified information?' - x-faker: random.boolean - example: false - hasPII: - type: boolean - nullable: true - description: '[Read-only] Does the system record contain and/or process - Personally Identifiable Information?' - x-faker: random.boolean - example: false - hasPHI: - type: boolean - nullable: true - description: '[Read-only] Does the system record contain and/or process Personal - Health Information?' - x-faker: random.boolean - example: false - ppsmRegistrationRequired: - type: string - nullable: true - description: '[Read-Only] Determine if a PPSM registration is required.' - x-faker: random.words - example: PPSM registration required - ppsmRegistryNumber: - type: string - nullable: true - description: '[Read-only] Unique identifier for the DoD''s Ports, Protocols, and - Services Management Registry system.' - x-faker: random.words - example: Test PPSM Registry Number - ppsmRegistrationExemptionJustification: - type: string - nullable: true - description: '[Read-Only] Clarify why a PPSM registraiton is not necessary.' - x-faker: random.words - example: Exemption justification - interconnectedInformationSystemAndIdentifiers: - type: string - nullable: true - description: '[Read-only] Identify the interconnected information systems and - corresponding identifiers within control CA-3.' - x-faker: random.word - example: Test - privacyImpactAssessmentRequired: - type: boolean - nullable: true - description: '[Read-only] Does the system require a Privacy Impact Assessment?' - x-faker: random.boolean - example: true - privacyImpactAssessmentStatus: - type: string - nullable: true - description: '[Read-only] Status of the PIA, availability values include the - following options (Not Started, In Progress, Completed)' - enum: - - Not Started - - In Progress - - Completed - example: Not Started - privacyImpactAssessmentDate: - type: integer - nullable: true - description: '[Read-only] Date in which the system''s PIA took place.' - x-faker: - random.number: 1234567890 - example: 1622048629 - privacyImpactAssessmentArtifact: - type: string - nullable: true - description: '[Read-Only] Filename of the system''s PIA artifact.' - x-faker: system.commonFileName - example: PIATest.pdf - userDefinedField1: - type: string - nullable: true - description: '[Read-only] User-defined field to augment Ad Hoc Reporting.' - x-faker: - random.arrayElement: - - - Test User-defined Field 1 - - Test User-defined Field 2 - - Test User-defined Field 3 - - Test User-defined Field 4 - - Test User-defined Field 4 - example: Test User-defined Field 1 - userDefinedField2: - type: string - nullable: true - description: '[Read-only] User-defined field to augment Ad Hoc Reporting.' - x-faker: - random.arrayElement: - - - Test User-defined Field 1 - - Test User-defined Field 2 - - Test User-defined Field 3 - - Test User-defined Field 4 - - Test User-defined Field 4 - example: Test User-defined Field 2 - userDefinedField3: - type: string - nullable: true - description: '[Read-only] User-defined field to augment Ad Hoc Reporting.' - x-faker: - random.arrayElement: - - - Test User-defined Field 1 - - Test User-defined Field 2 - - Test User-defined Field 3 - - Test User-defined Field 4 - - Test User-defined Field 4 - example: Test User-defined Field 3 - userDefinedField4: - type: string - nullable: true - description: '[Read-only] User-defined field to augment Ad Hoc Reporting.' - x-faker: - random.arrayElement: - - - Test User-defined Field 1 - - Test User-defined Field 2 - - Test User-defined Field 3 - - Test User-defined Field 4 - - Test User-defined Field 4 - example: Test User-defined Field 4 - userDefinedField5: - type: string - nullable: true - description: '[Read-only] User-defined field to augment Ad Hoc Reporting.' - x-faker: - random.arrayElement: - - - Test User-defined Field 1 - - Test User-defined Field 2 - - Test User-defined Field 3 - - Test User-defined Field 4 - - Test User-defined Field 4 - example: Test User-defined Field 5 - currentRmfLifecycleStep: - type: string - nullable: true - description: '[Read-only] Displays the system''s current step within the RMF - Lifecycle.' - enum: - - 1 - Categorize - - 2 - Select - - 3 - Implement - - 4 - Assess - - 5 - Authorize - - 6 - Monitor - example: 4 - Assess - otherInformation: - type: string - nullable: true - description: '[Read-only] Include any additional information required by the - organization.' - x-faker: random.words - example: Additional Comments - reportsForScorecard: - type: boolean - nullable: true - description: '[Read-only] Indicates if the system reports to the DoD Cyber - Hygiene Scorecard.' - x-faker: random.boolean - example: true - highestSystemDataClassification: - type: string - nullable: true - description: '[Read-Only] The overall classification level of information that - the System is approved to collect, process, store, and/or - distribute.' - x-faker: - random.arrayElement: - - - Public Trust - - For Official Use Only (FOUO) - - Controlled Unclassified Information (CUI) - - Unclassified - - Restricted Data/Formerly Restricted Data - - Sensitive Compartmented Information - - Special Access Program - - Secret - - Top Secret - - Confidential - example: Unclassified - overallClassification: - type: string - nullable: true - description: '[Read-Only] Same field as highestSystemDataClassification, but - displays as overallClassification for NISP only.' - x-faker: - random.arrayElement: - - - Public Trust - - For Official Use Only (FOUO) - - Controlled Unclassified Information (CUI) - - Unclassified - - Restricted Data/Formerly Restricted Data - - Sensitive Compartmented Information - - Special Access Program - - Secret - - Top Secret - - Confidential - example: Unclassified - isHVA: - type: boolean - nullable: true - description: '[Read-Only] Indicates if the system contains High Value Assets. - Does not display if value is null' - x-faker: random.boolean - example: true - isFinancialManagement: - type: boolean - nullable: true - description: | - [Read-Only] Per OMB Circular A-127, a financial management system includes the core financial systems and the financial portions - of mixed systems necessary to support financial management, including automated and manual processes, procedures, and - controls, data, hardware, software, and support personnel dedicated to the operation and maintenance of system functions. - The following are examples of financial management systems: core financial systems, procurement systems, loan systems, grants - systems, payroll systems, budget formulation systems, billing systems, and travel systems. - x-faker: random.boolean - example: true - isReciprocity: - type: boolean - nullable: true - description: | - [Read-Only] A reciprocity system is any information system that is part of a mutual agreement among participating - organizations to accept each other's security assessments in order to reuse information system resources and/or - to accept each other's assessed security posture in order to share information. - x-faker: random.boolean - example: true - reciprocityExemption: - type: string - nullable: true - description: | - [Read-Only] The following justifications are acceptable for exemption from reciprocity: (a) the existence of - the system is classified (not the data, but the existence of the system) or (b) the system's authorization to - operate is in the process of being pulled (e.g. DATO, Decommission). - x-faker: random.words - example: Decommission - cloudComputing: - type: boolean - nullable: true - description: '[Read-Only] Is this a cloud-based IS?' - x-faker: random.boolean - example: false - cloudType: - type: string - nullable: true - description: '[Read-Only] Values include the following: (Hybrid, Private, Public)' - enum: - - Hybrid - - Private - - Public - example: Public - authorizationToConnectStatus: - type: string - nullable: true - description: | - [Read-Only] The Authority to Connect decision. Values include the following: - (Authority to Connect (ATC), Denial of Authority to Connect (DATC), Not Yet Connected, - Decommissioned) - enum: - - Authority to Connect (ATC) - - Denial of Authority to Connect (DATC) - - Not Yet Connected - - Decommissioned - example: Decommissioned - isSaaS: - type: boolean - nullable: true - description: '[Read-Only] Software as a Service (SaaS) cloud service model.' - x-faker: random.boolean - example: true - isPaaS: - type: boolean - nullable: true - description: '[Read-Only] Platform as a Service (PaaS) cloud service model.' - x-faker: random.boolean - example: false - isIaaS: - type: boolean - nullable: true - description: '[Read-Only] Infrastructure as a Service (IaaS) cloud service model.' - x-faker: random.boolean - example: true - otherServiceModels: - type: string - nullable: true - description: '[Read-Only] Free text field to include other cloud service models.' - x-faker: random.words - example: Test Other Service - needDate: - type: integer - nullable: true - description: '[Read-Only] Indicates the date by which the System needs to be - deployed to a production environment.' - x-faker: - random.number: 1234567890 - example: 1638741660 - overallRiskScore: - type: string - nullable: true - description: '[Read-Only] The overall risk score of the system' - x-faker: random.word - example: Moderate - isHRR: - type: boolean - nullable: true - description: '[Read-Only] Identifies whether a System has been designated as - High Risk Review. USCG and Navy only.' - x-faker: random.boolean - example: false - connectivityAuthorizationDate: - type: integer - nullable: true - description: '[Read-Only] The Connectivity Authorization Date.' - x-faker: - random.number: 1234567890 - example: 1638741660 - connectivityAuthorizationTerminationDate: - type: integer - nullable: true - description: '[Read-Only] The Connectivity Authorization Termination Date.' - x-faker: - random.number: 1234567890 - example: 1638741660 - systemDevelopmentLifeCycle: - type: string - nullable: true - description: '[Read-Only] Indicate the date by which the System needs to be - deployed to a production environment. VA only.' - x-faker: random.words - example: Test Other Service - isFISMAReportable: - type: boolean - nullable: true - description: '[Read-Only] Is this IS reportable per Federal Information Security - Management Act (FISMA) established requirements? VA only' - x-faker: random.boolean - example: false - groupTagging: - type: string - nullable: true - description: '[Read-Only] System Tags for enterprise level, to include CIO and - CISO, tracking efforts. VA only.' - x-faker: - random.arrayElement: - - - Group Tag 1 - - Group Tag 2 - - Group Tag 3 - - Group Tag 4 - - Group Tag 5 - example: Group Tag 1 - groupTagDescriptions: - type: string - nullable: true - description: '[Read-Only] System Tag explanation(s) for enterprise level, to - include CIO and CISO, tracking efforts. VA only.' - x-faker: - random.arrayElement: - - - Group Tag 1 explanation - - Group Tag 2 explanation - - Group Tag 3 explanation - - Group Tag 4 explanation - - Group Tag 5 explanation - example: Group Tag 1 explanation - dadmsId: - type: string - nullable: true - description: '[Read-Only] The system''s DADMS ID. USMC only.' - x-faker: system.semver - example: DADMS-1 - dadmsExpirationDate: - type: integer - nullable: true - description: '[Read-Only] Date the system expires in DADMS. USMC only.' - x-faker: - random.number: 1234567890 - example: 1638751730 - enclaveConnectivity: - type: string - nullable: true - description: '[Read-Only] Identify the type of connectivity for the - network/enclave, e.g., DISA circuit (NIPR, SIPR) or HPCMP circuit - (DREN, SDREN, Outreach). Navy only.' - x-faker: - random.arrayElement: - - - NIPR - - SIPR - - HPCMP - - DREN - - SDREN - example: NIPR - environmentType: - type: string - nullable: true - description: '[Read-Only] Identify the primary computing environment for where - the information system is deployed. Navy only.' - x-faker: - random.arrayElement: - - - Personal Computing - - Time Sharing Computing - - Client Server Computing - - Distributed Computing - - Cloud Computing - - Cluster Computing - example: Cloud Computing - navyCommonControlProvider: - type: boolean - nullable: true - description: '[Read-Only] Indicate whether the information system provides - inheritable controls. Navy only' - x-faker: random.boolean - example: false - navyCloudBroker: - type: string - nullable: true - description: '[Read-Only] Identify the broker responsible for the delivery of - commercial cloud services and capabilities. Refer to Navy Commercial - Cloud Brokerage Policy. Navy Only' - x-faker: company.companyName - example: AWS IL 5 - cloudBrokerEmassId: - type: integer - nullable: true - description: '[Read-Only] The eMASS ID of the identified cloud broker. Navy only.' - x-faker: - random.number: 12345678 - example: 2349 - cloudBrokerProvisionalAuthorizationAtd: - type: integer - nullable: true - description: '[Read-Only] The provisional authorization termination date of the - identified cloud broker. Navy only' - x-faker: - random.number: 1234567890 - example: 1638741660 - navyJointAuthorization: - type: boolean - nullable: true - description: '[Read-Only] Indicate whether this is a joint authorization being - issued by two or more Authorizing Officials. Navy only' - x-faker: random.boolean - example: false - nmciNgenClins: - type: string - nullable: true - description: '[Read-Only] Provide all NMCI CLINs associated to the - system/services within the authorization boundary. Navy only' - x-faker: random.word - example: NMCI CLIN - enterpriseLocations: - type: string - nullable: true - description: '[Read-Only] Identify the Navy enterprise network where the - information system is deployed. Navy only' - x-faker: internet.domainName - example: All Navy Networks - whitelistId: - type: string - nullable: true - description: '[Read-Only] Systems that have public-facing components/presences - are typically required to be documented and registered as part of - Organzationally-approved whitelisting processes.' - x-faker: random.words - example: DoD DMZ Whitelist - whitelistInventory: - type: string - nullable: true - description: '[Read-Only] Provide/upload the documentation that identifies or - describes the components or aspects of the System that are - public-facing (whitelisted).' - x-faker: random.words - example: Whitelist document - acquisitionCategory: - type: string - nullable: true - description: '[Read-Only] Values include the following options (I,II,III)' - x-faker: - random.arrayElement: - - - I - - II - - III - example: I - softwareCategory: - type: string - nullable: true - description: '[Read-Only] Lists the software category.' - x-faker: random.words - example: Government Off-The-Shelf Software (GOTS) - cybersecurityServiceProvider: - type: string - nullable: true - description: '[Read-Only] Name of the system''s Cybersecurity Service Provider.' - x-faker: - random.arrayElement: - - - NIPR - - SIPR - - HPCMP - - DREN - - SDREN - example: NIPR - cybersecurityServiceProviderExceptionJustification: - type: string - nullable: true - description: '[Read-Only] If Not Applicable, provide the exception justification.' - x-faker: random.words - example: Exception justification - maximumTolerableDowntime: - type: string - nullable: true - description: '[Read-Only] MTD represents the total amount of time - leaders/managers are willing to accept for a process outage or - disruption.' - enum: - - Immediate - - Less than 2 hours - - Less than 4 hours - - Less than 6 hours - example: Immediate - recoveryTimeObjective: - type: string - nullable: true - description: '[Read-Only] RTO defines the maximum amount of time a system can - remain unavailable before there is an unacceptable impact on other - systems, supported business processes, and the MTD.' - x-faker: random.words - example: 'Mission Critical: 12 hours' - recoveryPointObjective: - type: string - nullable: true - description: '[Read-Only] RPO represents the point in time, prior to a - disruption or system outage, to which mission/business data can be - recovered (given the most recent backup copy of the data) after an - outage. The system data/information owner determines an acceptable - RPO in terms of amount of tolerable data loss before unacceptable - impact occurs.' - x-faker: random.words - example: 'Mission Critical: 12 hours' - businessImpactAnalysisRequired: - type: boolean - nullable: true - description: '[Read-Only] Is a Business Impact Analysis in place that identifies - critical business processes, MTD, RTO, and RPO?' - x-faker: random.boolean - example: true - businessImpactAnalysisArtifact: - type: string - nullable: true - description: '[Read-Only] Filename of the system''s Business Impact Analysis - artifact.' - x-faker: system.commonFileName - example: BIATest.pdf - incidentResponsePlanRequired: - type: boolean - nullable: true - description: '[Read-Only] Is there a Incident Response Plan in place for this - system that provides the roadmap for implementing the incident - response capability?' - x-faker: random.boolean - example: true - incidentResponsePlanArtifact: - type: string - nullable: true - description: '[Read-Only] Filename of the system''s Incident Response Plan - artifact.' - x-faker: system.commonFileName - example: IRPlanTest.pdf - disasterRecoveryPlanRequired: - type: boolean - nullable: true - description: '[Read-Only] Is there a Disaster Recovery Plan in place for this - system that addresses information system disruptions that require - relocation?' - x-faker: random.boolean - example: true - disasterRecoveryPlanArtifact: - type: string - nullable: true - description: '[Read-Only] Filename of the system''s Disaster Recovery Plan - artifact.' - x-faker: system.commonFileName - example: DRPlanTest.pdf - privacyThresholdAnalysisCompleted: - type: boolean - nullable: true - description: '[Read-Only] Indicate whether a Privacy Threshold Analysis (PTA) - has been performed for this IS.' - x-faker: random.boolean - example: true - privacyThresholdAnalysisDate: - type: integer - nullable: true - description: '[Read-Only] Date in which this sytem''s Privacy Threshold Analysis - took place.' - x-faker: - random.number: 1234567890 - example: 1715312304 - privacyThresholdAnalysisArtifact: - type: string - nullable: true - description: '[Read-Only] Filename of the system''s Privacy Threshold Analysis - artifact.' - x-faker: system.commonFileName - example: PTATest.pdf - privacyActSystemOfRecordsNoticeRequired: - type: boolean - nullable: true - description: '[Read-Only] Does this system require a Privacy Act System of - Record Notice per DoD 5400.11-R?' - x-faker: random.boolean - example: true - eAuthenticationRiskAssessmentRequired: - type: boolean - nullable: true - description: '[Read-Only] Indicate whether an E-Authentication Risk Assessment - has been performed for the system in accordance with OMB M-04-04.' - x-faker: random.boolean - example: true - eAuthenticationRiskAssessmentDate: - type: integer - nullable: true - description: '[Read-Only] Date this system''s EAuthentication Risk Assessment - took place.' - x-faker: - random.number: 1234567890 - example: 1715312304 - eAuthenticationRiskAssessmentArtifact: - type: string - nullable: true - description: '[Read-Only] Filename of the system''s Privacy Threshold Analysis - artifact.' - x-faker: system.commonFileName - example: EAuthRisk.pdf - ipv4OnlyAssets: - type: integer - nullable: true - description: '[Read-Only] Identify the total number of assets associated with - this boundary that are only on IPv4.' - x-faker: - random.number: - min: 0 - max: 150 - example: 10 - ipv6OnlyAssets: - type: integer - nullable: true - description: '[Read-Only] Identify the total number of assets associated with - this boundary that are only on IPv6.' - x-faker: - random.number: - min: 0 - max: 150 - example: 5 - ipv4Ipv6DualStackAssets: - type: integer - nullable: true - description: '[Read-Only] Identify the total number of assets associated with - this boundary that are operating on IPv4/IPv6 dual-stack.' - x-faker: - random.number: - min: 0 - max: 300 - example: 15 - totalIpAssets: - type: integer - nullable: true - description: '[Read-Only] Total number of IPv4, IPv6, and dual-stack assets - identified. Value calculated upon Save action' - x-faker: - random.number: - min: 0 - max: 500 - example: 30 - originatingOrganization: - type: string - nullable: true - description: '[Read-Only] Identify the organization that generated the existing - authorization package, including (where applicable) individual - points of contact.' - x-faker: company.companyName - example: Originating Organization - systemUseJustification: - type: string - nullable: true - description: '[Read-Only] Provide a detailed justification as to why this system - should be deployed and used within the requesting organization.' - x-faker: random.words - example: System EOL within 120 days - systemUseJustificationArtifact: - type: string - nullable: true - description: '[Read-Only] Filename of the System Use Justification Artifact, - including the file extension.' - x-faker: system.commonFileName - example: SystemUseJustification.pdf" - authorizationToUseStatus: - type: string - nullable: true - description: '[Read-Only] The system''s Authority to Use Status.' - x-faker: random.words - example: Authority to Use (ATU) - reciprocityAcceptanceStatus: - type: string - nullable: true - description: '[Read-Only] The system''s Reciprocity Acceptance Status. Army IC - only.' - x-faker: random.words - example: Acceptance status content - useAuthorizationDate: - type: integer - nullable: true - description: '[Read-Only] The system''s Use Authorization Date.' - x-faker: - random.number: 1234567890 - example: 1715312304 - reciprocityAcceptanceDate: - type: integer - nullable: true - description: '[Read-Only] The system''s Reciprocity Acceptance Date. Army IC - only.' - x-faker: - random.number: 1234567890 - example: 1715312304 - useAuthorizationTerminationDate: - type: integer - nullable: true - description: '[Read-Only] The system''s Use Authorization Termination Date.' - x-faker: - random.number: 1234567890 - example: 1715312304 - reciprocityAcceptanceTerminationDate: - type: integer - nullable: true - description: '[Read-Only] The system''s Reciprocity Acceptance Termination Date. - Army IC only.' - x-faker: - random.number: 1234567890 - example: 1715312304 - termsConditionsForUseSummary: - type: string - nullable: true - description: '[Read-Only] The system''s Terms / Conditions for Use Summary.' - x-faker: random.words - example: Test ATU Summary - termsConditionsForReciprocitySummary: - type: string - nullable: true - description: '[Read-Only] The system''s Terms / Conditions for Reciprocity - Summary. Army IC only.' - x-faker: random.words - example: Test ATU Summary - primaryMissionEssentialFunction: - type: boolean - nullable: true - description: '[Read-Only] Annotate ''Yes'' if your system performs a Primary Mission Essential Function. VA only' - x-faker: random.boolean - example: false - pmefDescription: - type: string - nullable: true - description: '[Read-Only] The FIPS category "Availability" of this system must be marked "High" if the system is - listed as a PMEF, and the RTO must be 12 hours or shorter. VA only' - x-faker: random.words - example: Test PMEF Description - missionEssentialFunction: - type: boolean - nullable: true - description: '[Read-Only] Annotate "Yes" if your system performs a Mission Essential Function. VA only.' - x-faker: random.boolean - example: false - mefDescription: - type: string - nullable: true - description: '[Read-Only] MEFs are listed in the OIT Continuity Plan. - VA Handbook 0322 will be updated with these MEFs. VA only.' - x-faker: random.words - example: Test MEF Description - administration: - type: string - nullable: true - description: '[Read-Only] Identify the administration that this information system supports. VA only.' - x-faker: random.words - example: Test Administration - administrationOtherJustification: - type: string - nullable: true - description: '[Read-Only] If the Administration field is set to "Other", this free-text field becomes required. VA only.' - x-faker: random.words - example: Test Administration Justification - atcIatcGrantedDate: - type: integer - nullable: true - description: '[Read-Only] The date the Authority to Connect (ATC) or Interim Authority to Connect (IATC) was granted.' - x-faker: - random.number: 1234567890 - example: 1715312304 - atcIatcExpirationDate: - type: integer - nullable: true - description: '[Read-Only] The date the Authority to Connect (ATC) or Interim Authority to Connect (IATC) expires.' - x-faker: - random.number: 1234567890 - example: 1715312304 - atcIatcPendingItems: - type: string - nullable: true - description: '[Read-Only] List of pending items required for the Authority to Connect (ATC) or Interim Authority to Connect (IATC).' - x-faker: random.words - example: Test ATC/IATC Pending Items - pendingItemsDueDate : - type: integer - nullable: true - description: '[Read-Only] The date the pending items are due.' - x-faker: - random.number: 1234567890 - example: 1715312304 - dodinnSystemId: - type: boolean - nullable: true - description: '[Read-Only] A DoDIN-N system is all encompassing for the following: Navy networks, - systems, sites, corporate assets, centrally managed programs, programs of record, standalone, - excepted, enterprise, non-enterprise, cloud, NIPRNET, SIPRNET, GENSER Classified, Defense Research - Engineering Network (DREN), Secret DREN (SDREN), connected to the DoDIN or through commercial - lines that are owned, operated, leased, contracted, maintained, managed, administered, house Navy - data, house Navy personally identifiable information, house Navy protected health information, - or controlled unclassified information. The DoDIN-N also includes commercial information technology, - weapons systems/program manager/program of record/platform information technology, and operational - technology. Navy only.' - x-faker: random.boolean - example: false - authorizationToUseConnectStatus: - type: string - nullable: true - description: '[Read-Only] FCC CRMA/NAO approval for DoDIN-N operations. Navy only.' - x-faker: random.words - example: Authorization - useConnectAuthorizationDate: - type: integer - nullable: true - description: '[Read-Only] The Use/Connect Authorization Date. Navy only.' - x-faker: - random.number: 1234567890 - example: 1715312304 - useConnectAuthorizationTerminationDate: - type: integer - nullable: true - description: '[Read-Only] The Use/Connect Authorization Termination Date Navy only.' - x-faker: - random.number: 1234567890 - example: 1715312304 - termsConditionsForUseConnectSummary: - type: string - nullable: true - description: '[Read-Only] Provide a description (if applicable) of any specific limitations - or restrictions placed on the operation of the information system as part of the authorization - to use/connect decision. Navy only.' - x-faker: random.words - example: Test ATU Summary - workstations: - type: integer - nullable: true - description: '[Read-Only] Identify the number of System Workstations. This data will be used - for the National Industrial Security System (NISS) facility categorization. If field is not - applicable enter "0". NISP only.' - x-faker: - random.number: - min: 0 - max: 10000 - example: 10 - servers: - type: integer - nullable: true - description: '[Read-Only] Identify the number of System Servers. This data will be used - for the National Industrial Security System (NISS) facility categorization. If field is not - applicable enter "0". NISP only.' - x-faker: - random.number: - min: 0 - max: 10000 - example: 5 - connectivityCcsd: - type: array - nullable: true - items: - $ref: '#/components/schemas/ConnectivityCcsd' - ConnectivityCcsd: - title: System CCSD Connectivity - type: object - additionalProperties: false - properties: - ccsdNumber: - type: string - nullable: true - description: '[Read-Only] Identifier for specific connections to the system.' - x-faker: - random.arrayElement: - - - CCSD-123 - - CCSD-456 - - CCSD-789 - - CCSD-246 - example: CCSD-579 - connectivity: - type: string - nullable: true - description: '[Read-Only] Choose connection type for the system.' - x-faker: - random.arrayElement: - - - Connected - - Disconnected - - Not Applicable - - Test Connectivity - example: Not Yet Authorized - RoleCategory: - title: System Roles Gategories - type: object - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - description: '[Read-only] Unique system record identifier.' - x-faker: random.number - example: 35 - systemName: - type: string - nullable: true - description: '[Read-only] Name of the system record.' - x-faker: company.companyName - example: eMASS API Example System - systemAcronym: - type: string - nullable: true - description: '[Read-only] Acronym of the system record.' - x-faker: - random.arrayElement: - - - AC-1 - - AC-2 - - S-1 - - S-23 - - SI-16 - - SI-56 - - UA-16 - - SI-4(11) - example: S-XYZ - roles: - type: array - nullable: true - items: - $ref: '#/components/schemas/Roles' - Roles: - title: System Role - type: object - additionalProperties: false - properties: - roleCategory: - type: string - description: '[Required] System role categories' - x-faker: - random.arrayElement: - - - CAC - - PAC - - Other - example: PAC - role: - type: string - description: '[Required] System role description' - x-faker: - random.arrayElement: - - - PM/IAM - - SCA - - AO - - ISSO - - ISSM - - IAO - - Validator (IV&V) - - User Rep (View Only) - - Auditor - - Artifact Manager - - C&A Team - example: AO - users: - type: array - nullable: true - items: - $ref: '#/components/schemas/Users' - Users: - title: System role users - type: object - additionalProperties: false - properties: - firstName: - type: string - x-faker: name.firstName - example: John - lastName: - type: string - x-faker: name.lastName - example: Smith - email: - type: string - format: email - x-faker: internet.email - example: John.Smith@hb.com - ControlsPut: - title: Controls - return query from the server for the PUT call - type: object - additionalProperties: false - properties: - acronym: - type: string - description: Acronym of the system record. - example: AC-34 - x-faker: - random.arrayElement: - - - AC-1 - - AC-2 - - S-1 - - S-23 - - SI-16 - - SI-56 - - UA-16 - - SI-4(11) - success: - type: boolean - description: Indicates if operations result (success/fail) - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - description: The system identifier for the system being updated. - x-faker: random.number - example: 33 - errors: - $ref: '#/components/schemas/Errors' - TestResultsGet: - title: Test Results - server returned data from the GET call - type: object - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - description: '[Required] Unique eMASS identifier. Will need to provide correct - number' - x-faker: random.number - example: 35 - control: - type: string - nullable: true - description: '[Read-Only] Control acronym associated with the test result. NIST - SP 800-53 Revision 4 defined.' - example: AC-3 - x-faker: - random.arrayElement: - - - AC-1 - - AC-2 - - S-1 - - S-23 - - SI-16 - - SI-56 - - UA-16 - - SI-4(11) - cci: - type: string - description: '[Required] CCI associated with test result.' - example: '000002' - x-faker: - random.arrayElement: - - - '000012' - - '000045' - - '000005' - - '000125' - - '000145' - - '000063' - - '000451' - - '000254' - - '000852' - - '001234' - - '002115' - - '000155' - assessmentProcedure: - type: string - description: '[Required] The Security Control Assessment Procedure being - assessed.' - example: AC-1.1 - x-faker: - random.arrayElement: - - - AC-1 - - AC-2 - - AC-3 - - AC-1.1 - - AC-1.2 - - AC-1.3 - - AC-2.1 - - AC-2.2 - - AC-2.3 - - AC-3.1 - - AC-3.2 - - AC-3.3 - isInherited: - type: boolean - nullable: true - description: '[Read-only] Indicates whether a test result is inherited.' - x-faker: random.boolean - example: true - testedBy: - type: string - description: '[Required] Last Name, First Name. 100 Characters.' - x-faker: name.findName - example: Smith, Joe - testDate: - type: integer - format: int64 - description: '[Required] Unix time format.' - x-faker: - random.number: 1234567890 - example: 1638741770 - description: - type: string - description: '[Required] Include description of test result. 4000 Characters.' - x-faker: random.words - example: Test result description - type: - type: string - nullable: true - description: '[Read-Only] Indicates the location in the Control Approval Chain - when the test result is submitted.' - example: Self-Assessment - x-faker: - random.arrayElement: - - - Self-Assessment - - Schedule-Assessment - - Deep Evaluation - complianceStatus: - type: string - description: '[Required] Test result compliance status' - example: Compliant - enum: - - Compliant - - Non-Compliant - - Not Applicable - TestResultsPost: - title: Test Results - return query from the server for the POST call - type: object - additionalProperties: false - properties: - cci: - type: string - description: CCI associated with test result. - example: 000001,000002 - x-faker: - random.arrayElement: - - - '000012' - - '000045' - - '000005' - - '000125' - - '000145' - - '000063' - - '000451' - - '000254' - - '000852' - - '001234' - - '002115' - - '000155' - success: - type: boolean - description: Indicates if operations result (success/fail) - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - description: The system identifier for the system being updated. - x-faker: random.number - example: 35 - errors: - $ref: '#/components/schemas/Errors' - PoamPostPutDel: - type: object - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - description: The system identifier for the system being updated. - x-faker: random.number - example: 33 - poamId: - type: integer - format: int64 - description: The newly created POAM identifier - x-faker: random.number - example: 45 - externalUid: - type: string - description: The unique identifier external to the eMASS application for use - with associating POA&Ms. 100 Characters. - x-faker: random.uuid - example: d6d98b88-c866-4496-9bd4-de7ba48d0f52 - success: - type: boolean - description: Indicates if operations result (success/fail) - x-faker: random.boolean - example: true - errors: - $ref: '#/components/schemas/Errors' - MilestonesGet: - title: Milestones - return query from the server for the GET call - type: object - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - description: '[Required] Unique eMASS system identifier.' - x-faker: random.number - example: 830 - milestoneId: - type: integer - format: int64 - description: '[Required] Unique item identifier.' - x-faker: random.number - example: 19 - poamId: - type: integer - format: int64 - description: '[Required] Unique item identifier.' - x-faker: random.number - example: 45 - description: - type: string - description: '[Required] Include milestone description.' - x-faker: random.words - example: Description text - scheduledCompletionDate: - type: integer - format: int64 - description: '[Required] Required for ongoing and completed POA&M items. Unix - time format.' - x-faker: - random.number: 1234567890 - example: 1715312304 - reviewStatus: - type: string - nullable: true - description: '[Read-Only] Values include the following options: (Not - Approved,Under Review,Approved).' - example: Under Review - enum: - - Not Approved - - Under Review - - Approved - createdBy: - type: string - nullable: true - description: '[Read-Only] Last, first name of the user that created the - milestone.' - x-faker: name.findName - example: Smith, John - createdDate: - type: integer - format: int64 - description: '[Read-Only] Timestamp representing when the milestone was entered - into the database.' - x-faker: - random.number: 1234567890 - example: 1715312304 - MilestonesPutPostDelete: - type: object - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - description: The system identifier that the POAM was added. - x-faker: random.number - example: 35 - poamId: - type: integer - format: int64 - description: The newly created POAM identifier - x-faker: random.number - example: 45 - milestoneId: - type: integer - format: int64 - description: The Milestone unique item identifier - x-faker: random.number - example: 77 - externalUid: - type: string - description: The unique identifier external to the eMASS application for use - with associating POA&Ms. 100 Characters. - x-faker: random.uuid - example: d6d98b88-c866-4496-9bd4-de7ba48d0f52 - success: - type: boolean - description: Indicates if operations result (success/fail) - x-faker: random.boolean - example: true - errors: - $ref: '#/components/schemas/Errors' - CacGet: - title: CAC - return query from the server for the GET call - type: object - additionalProperties: false - properties: - systemId: - type: integer - format: int64 - description: '[Required] Unique eMASS system identifier.' - x-faker: random.number - example: 35 - controlAcronym: - type: string - description: '[Required] System acronym name.' - example: AC-3 - x-faker: - random.arrayElement: - - - AC-1 - - AC-2 - - S-1 - - S-23 - - SI-16 - - SI-56 - - UA-16 - - SI-4(11) - complianceStatus: - type: string - nullable: true - description: '[Read-only] Compliance status of the control.' - x-faker: random.word - example: Compliant - currentStageName: - type: string - nullable: true - description: '[Read-Only] Role in current stage.' - x-faker: random.word - example: SCA-V - currentStage: - type: integer - nullable: true - description: '[Read-Only] Current step in the Control Approval Chain.' - example: 2 - minimum: 1 - maximum: 50 - totalStages: - type: integer - nullable: true - description: '[Read-Only] Total number of steps in Control Approval Chain.' - example: 2 - minimum: 1 - maximum: 50 - comments: - type: string - nullable: true - description: '[Conditional] Control Approval Chain comments - 2000 Characters.' - x-faker: random.words - example: Control Approval Chain comments text. - PacGet: - title: PAC - return query from the server for the GET call - type: object - properties: - workflow: - type: string - description: '[Required] Values include the following:(Assess and Authorize, - Assess Only, Security Plan Approval)' - example: Assess and Authorize - enum: - - Assess and Authorize - - Assess Only - - Security Plan Approval - name: - type: string - description: '[Required] Package name. 100 Characters.' - x-faker: random.word - example: Package name text - currentStageName: - type: string - nullable: true - description: '[Read-Only] Name of the current stage in the active workflow.' - x-faker: random.word - example: SCA-R - currentStage: - type: integer - nullable: true - description: '[Read-Only] Number of the current stage in the active workflow.' - x-faker: - random.number: 10 - example: 4 - totalStages: - type: integer - nullable: true - description: '[Read-Only] Total number of stages in the active workflow.' - x-faker: - random.number: 10 - example: 6 - daysAtCurrentStage: - type: integer - nullable: true - description: '[Read-Only] Indicates the number of days at current workflow stage.' - x-faker: - random.number: 25 - example: 2 - comments: - type: string - nullable: true - description: '[Required]] Comments submitted upon initiation of the indicated workflow. - Character Limit = 4,000.' - x-faker: random.words - example: PAC initial submition comments - PacPost: - title: PAC - return query from the server for the POST call - type: object - properties: - workflow: - type: string - description: '[Required] Values include the following:(Assess and Authorize, - Assess Only, Security Plan Approval)' - example: Assess and Authorize - enum: - - Assess and Authorize - - Assess Only - - Security Plan Approval - success: - type: boolean - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - x-faker: random.number - example: 35 - errors: - $ref: '#/components/schemas/Errors' - StaticCodePost: - title: Static Code - return query from the server for the POST call - type: object - properties: - applicationName: - type: string - description: '[Required] Name of the software application that was assessed.' - x-faker: company.companyName - example: Artemis - version: - type: string - description: '[Required] The version of the application.' - x-faker: system.semver - example: Version 5.0 - success: - type: boolean - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - x-faker: random.number - example: 35 - errors: - $ref: '#/components/schemas/Errors' - CloudResourcesPostDelete: - title: Cloud Resources - return query from the server for the POST/DELETE calls - type: object - additionalProperties: false - properties: - resourceId: - type: string - description: '[Required] Unique identifier/resource namespace for policy - compliance result' - example: /subscriptions/123456789/sample/resource/namespace/default - success: - type: boolean - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - x-faker: random.number - example: 35 - errors: - $ref: '#/components/schemas/Errors' - ContainersResourcesPostDelete: - title: Containers - return query from the server for the POST/DELETE calls - type: object - additionalProperties: false - properties: - containerId: - type: string - description: '[Required] Unique identifier of the container' - example: command-control - success: - type: boolean - x-faker: random.boolean - example: true - systemId: - type: integer - format: int64 - x-faker: random.number - example: 35 - errors: - $ref: '#/components/schemas/Errors' - CmmcGet: - title: CMMC - return query from the server for the GET call - type: object - additionalProperties: false - properties: - operation: - type: string - nullable: true - description: '[Read-Only] Indicates the action that should be taken on the - assessment record since the provided sinceDate.' - enum: - - ADDED - - UPDATED - - DELETED - example: UPDATED - hqOrganizationName: - type: string - nullable: true - description: '[Read-Only] The name of the DIB Company.' - x-faker: company.companyName - example: Army - uei: - type: string - nullable: true - description: '[Read-Only] The Unique Entity Identifier assigned to the DIB - Company.' - x-faker: finance.account - example: '9809123' - oscName: - type: string - nullable: true - description: '[Read-Only] The name of the Organization Seeking Certification.' - x-faker: company.companyName - example: UC Labs - highestLevelOwnerCageCode: - type: string - nullable: true - description: '[Read-Only] Identifies the highest-level CAGE Code associated with - a given organization.' - x-faker: - random.alphaNumeric: 5 - example: 99D8B - cageCodesInScope: - type: string - nullable: true - description: '[Read-Only] The five position code(s) associated with the - Organization Seeking Certification (OSC).' - x-faker: random.semver - example: 89ED9; 99D8B - numberOfEmployees: - type: integer - format: int64 - nullable: true - description: '[Read-Only] The number of employees affiliated with the Organization Seeking Certification.' - x-faker: - random.number: 250 - example: 100 - scope: - type: string - nullable: true - description: '[Read-Only] The scope of the OSC assessment.' - x-faker: - random.arrayElement: - - - Enterprise - - Non-Enterprise - - Enclave - example: Enterprise - scopeDescription: - type: string - nullable: true - description: '[Read-Only] Brief description of the scope of the OSC assessment' - x-faker: random.words - example: Assessment of UC's Lab - assessmentStandard: - type: string - nullable: true - description: '[Read-Only] Version of the CMMC Model used as part of the - assessment.' - x-faker: - random.arrayElement: - - - NIST SP 800-171 Revision 2 - - NIST SP 800-171 Revision 3 - example: NIST SP 800-171 Revision 2 - assessmentId: - type: string - nullable: true - description: '[Read-Only] Unique identifier for the assessment/certificate.' - x-faker: random.uuid - example: 41b89528-a7a8-470a-90f4-c3fd1267d6f7 - cmmcUid: - type: string - nullable: true - description: '[Read-Only] Identifies the unique ID that is associated with a - given CMMC certification for an organization.' - x-faker: - random.alphaNumeric: 9 - example: L20000003 - overallScore: - type: integer - format: int64 - description: '[Read-Only] Identifies the overall calculated score for the - assessment based on the assigned values to each applicable security - requirement.' - x-faker: - random.number: 150 - example: 110 - cmmcStatus: - type: string - nullable: true - description: '[Read-Only] The status of the CMMC certification.' - x-faker: - random.arrayElement: - - - Conditional Level 2 (C3PAO) - - Final Level 2 (C3PAO) - - Conditional Level 3 (DIBCAC) - - Final Level 3 (DIBCAC) - example: Conditional Level 2 (C3PAO) - cmmcStatusDate: - type: integer - format: int64 - nullable: true - description: '[Read-Only] Date of the CMMC status.' - x-faker: - random.number: 1234567890 - example: 1715312304 - cmmcStatusExpirationDate: - type: integer - format: int64 - nullable: true - description: '[Read-Only] Expiration date of the CMMC status.' - x-faker: - random.number: 1234567890 - example: 1715312304 - WorkflowDefinitionGet: - title: Workflow Definition - return query from the server for the GET call - type: object - properties: - workflowUid: - type: string - nullable: true - description: '[Read-Only] Unique workflow definition identifier.' - x-faker: random.uuid - example: 6f810301-5b3b-4f89-81e7-587fef9142a9 - workflow: - type: string - nullable: true - description: '[Read-Only] The workflow type.' - example: 'RMF Step 1: Security Category' - x-faker: - random.arrayElement: - - - 'RMF Step 1: Security Category' - - 'RMF Step 2: Security Category' - - 'RMF Step 3: Security Category' - version: - type: string - nullable: true - description: '[Read-Only] Version of the workflow definition.' - x-faker: system.semver - example: '4' - description: - type: string - nullable: true - description: '[Read-Only] Description of the workflow or the stage transition.' - x-faker: lorem.sentence - example: The workflow description - isActive: - type: boolean - nullable: true - description: '[Read-Only] Returns true if the workflow is available to the site.' - x-faker: random.boolean - example: false - stages: - type: array - nullable: true - additionalProperties: false - items: - $ref: '#/components/schemas/Stage' - Stage: - title: Workflow Definition Stage - type: object - additionalProperties: false - properties: - name: - type: string - nullable: true - description: '[Read-Only] Name of the stage. For older workflows, this will - match the user assigned to the stage.' - example: Not Started - x-faker: - random.arrayElement: - - - Not Started - - Categorize System - - Submit Categorization - - Approval - - Complete - - Cancelled - - AO - - SCA - - PM/IAM - transitions: - type: array - nullable: true - additionalProperties: false - items: - $ref: '#/components/schemas/DefinitionTransitions' - DefinitionTransitions: - title: Workflow Definition Transition - type: object - additionalProperties: false - properties: - endStage: - type: string - nullable: true - description: '[Read-Only] The landing stage that is active after performing a - transition.' - x-faker: random.word - example: Submit Categorization - description: - type: string - nullable: true - description: '[Read-Only] Description that matches the action dropdown that - appears for PAC users.' - x-faker: random.words - example: Initiate Workflow - roles: - type: array - nullable: true - additionalProperties: false - items: - example: PM/ISO, System Admin, eMASS System Admin, ISSE, ISSM, IO - x-faker: - random.arrayElement: - - - PM/ISO - - System Admin - - eMASS System Admin - - ISSE - - ISSM - - IO - - Other - - Unknown - WorkflowInstanceGet: - title: Workflow Instances - return query for the GET workflow instances in a - site - type: object - properties: - workflowUid: - type: string - nullable: true - description: '[Read-Only] Unique workflow definition identifier.' - x-faker: random.uuid - example: 6f810301-5b3b-4f89-81e7-587fef9142a9 - systemId: - type: integer - format: int64 - nullable: true - description: '[Read-only] Unique system record identifier.' - x-faker: random.number - example: 35 - systemName: - type: string - nullable: true - description: '[Read-Only] The system name.' - x-faker: company.companyName - example: Test system 1 - workflowInstanceId: - type: integer - format: int64 - nullable: true - description: '[Read-Only] Unique workflow instance identifier.' - x-faker: random.number - example: 35 - packageName: - type: string - nullable: true - description: '[Read-Only] The package name.' - example: Test RMF Step 1 package - createdDate: - type: integer - format: int64 - nullable: true - description: '[Read-Only] Date the workflow instance or the workflow transition - was created.' - example: 1636124623 - lastEditedDate: - type: integer - format: int64 - nullable: true - description: '[Read-Only] Date the workflow was last acted on.' - example: 1631130837 - lastEditedBy: - type: string - nullable: true - description: '[Read-Only] User that last acted on the workflow.' - x-faker: internet.email - example: john.doe.ctr@mail.mil - workflow: - type: string - nullable: true - description: '[Read-Only] The workflow type.' - x-faker: random.words - example: 'RMF Step 1: Security Category' - version: - type: integer - format: int64 - nullable: true - description: '[Read-Only] Version of the workflow definition.' - x-faker: random.number - example: 11 - currentStage: - type: string - nullable: true - description: '[Read-Only] Name of the current stage.' - example: Echelon II - x-faker: - random.arrayElement: - - - Echelon I - - Echelon II - - Echelon III - - Echelon IV - - Echelon V - transitions: - type: array - items: - $ref: '#/components/schemas/InstanceTransitions' - InstanceTransitions: - title: Workflow Instances Transition - type: object - additionalProperties: false - properties: - comments: - type: string - nullable: true - description: '[Read-Only] Comments entered by the user when performing the - transition.' - x-faker: random.words - example: Approved the categorization - createdBy: - type: string - nullable: true - description: '[Read-Only] User that performed the workflow transition.' - x-faker: internet.email - example: john.doe.ctr@mail.mil - createdDate: - type: integer - format: int64 - nullable: true - description: '[Read-Only] Date the workflow instance or the workflow transition - was created.' - example: 1636124623 - description: - type: string - nullable: true - description: '[Read-Only] Description of the stage transition. This matches the - action dropdown that appears for PAC users.' - x-faker: random.words - example: Submit New Package - endStage: - type: string - nullable: true - description: '[Read-Only] The landing stage that is active after performing a - transition.' - x-faker: random.word - example: Submit Categorization - startStage: - type: string - nullable: true - description: '[Read-Only] The beginning stage that is active before performing a - transition.' - x-faker: random.word - example: Not Started - - #---------------------------------------------------------------------------- - # Common Fields - #---------------------------------------------------------------------------- - - #---------------------------------------------------------------------------- - # Artifacts Fields - ArtifactsIds: - properties: - systemId: - type: integer - format: int64 - description: '[Required] Unique eMASS system identifier.' - x-faker: random.number - example: 35 - ArtifactsRequiredFields: - properties: - filename: - type: string - description: | - [Required] File name should match exactly one file within the provided zip file. 1000 Characters. - or Application/zip file. Max 30MB per artifact. - x-faker: system.commonFileName - example: AutorizationGuidance.pdf - isTemplate: - type: boolean - nullable: true - description: '[Required] Indicates whether an artifact template.' - x-faker: random.boolean - example: false - type: - type: string - description: '[Required] Artifact type options' - x-faker: - random.arrayElement: - - - Procedure - - Diagram - - Policy - - Labor - - Document - - Image - - Other - - Scan Result - - Auditor Report - example: Policy - category: - type: string - description: '[Required] Artifact category options' - x-faker: - random.arrayElement: - - - mplementation Guidance - - Evidence - - Other - example: Change Request - ArtifactsOptionalFields: - properties: - name: - type: string - description: '[Optional] Artifact name. Character Limit = 100.' - nullable: true - x-faker: random.word - example: E-Authentication Assessment - description: - type: string - nullable: true - description: '[Optional] Artifact description. 10,000 Characters.' - x-faker: random.words - example: Artifact description text - referencePageNumber: - type: string - nullable: true - description: '[Optional] Artifact reference page number. 50 Characters.' - x-faker: random.words - example: Reference page number - assessmentProcedures: - type: string - description: '[Optional] The Security Control Assessment Procedure being - associated with the artifact.' - example: AC-1.1 - controls: - type: string - nullable: true - description: '[Optional] Control acronym associated with the artifact. NIST SP - 800-53 Revision 4 defined.' - x-faker: company.companySuffix - example: AC-8,AC-2(4) - expirationDate: - type: integer - format: int64 - nullable: true - description: '[Optional] Date Artifact expires and requires review. In Unix Date - format.' - example: 18089586892 - lastReviewedDate: - type: integer - format: int64 - nullable: true - description: '[Optional] Date Artifact was last reviewed. Unix time format.' - example: 1757409188 - signedDate: - type: integer - format: int64 - nullable: true - description: '[Optional] Date artifact was signed. Unix time format.' - example: 1767409188 - ArtifactsReadOnlyFields: - properties: - isInherited: - type: boolean - nullable: true - description: '[Read-only] Indicates whether an artifact is inherited.' - x-faker: random.boolean - example: true - ccis: - type: string - nullable: true - description: '[Read-Only] CCI mapping for Assessment Procedures associated with - the artifact.' - example: 000001,000002 - x-faker: - random.arrayElement: - - - 000012,000045 - - '000005' - - 000125,000145 - - 000063,000451,000254 - - '000852' - - 001234,002115 - - '000155' - mimeContentType: - type: string - nullable: true - description: '[Read-Only] Standard MIME content type derived from file extension.' - x-faker: system.mimeType - example: application/zip - fileSize: - type: string - nullable: true - description: '[Read-Only] File size of attached artifact.' - x-faker: - random.arrayElement: - - - 369 KB - - 459 KB - - 134 KB - - 659 KB - - 555 KB - - 1 MB - - 1.3 MB - - 2 MB - - 2.7 MB - - 3.1 MB - - 4 MB - example: 4MB - - #---------------------------------------------------------------------------- - # Controls Fields - ControlsIds: - properties: - systemId: - type: integer - format: int64 - description: '[Required] Unique eMASS system identifier.' - x-faker: random.number - example: 83 - ControlsRequiredFields: - properties: - acronym: - type: string - description: '[Required] Acronym of the system record.' - example: AC-3 - x-faker: - random.arrayElement: - - - AC-1 - - AC-2 - - S-1 - - S-23 - - SI-16 - - SI-56 - - UA-16 - - SI-4(11) - responsibleEntities: - type: string - description: '[Required] Include written description of Responsible Entities - that are responsible for the Security Control. Character Limit 2,000.' - x-faker: random.words - example: Unknown - controlDesignation: - type: string - description: '[Required] Control designations' - example: Common - enum: - - Common - - System-Specific - - Hybrid - estimatedCompletionDate: - type: integer - format: int64 - description: '[Required] Field is required for Implementation Plan. Unix time format.' - x-faker: - random.number: 1234567890 - example: 1799644800 - implementationNarrative: - type: string - description: '[Required] Includes security control comments. Character Limit 2,000.' - x-faker: random.words - example: Test Imp. Narrative - ControlsConditionalFields: - properties: - commonControlProvider: - type: string - nullable: true - description: '[Conditional] Indicate the type of Common Control Provider for an - Inherited Security Control.' - example: DoD - enum: - - DoD - - Component - - Enclave - naJustification: - type: string - nullable: true - description: '[Conditional] Provide justification for Security Controls deemed - Not Applicable to the system.' - x-faker: random.words - example: System EOL within 120 days - slcmCriticality: - type: string - nullable: true - description: '[Conditional] Criticality of Security Control regarding SLCM. - Character Limit = 2,000.' - x-faker: random.word - example: Test Criticality - slcmFrequency: - type: string - nullable: true - description: '[Conditional] SLCM frequency' - example: Annually - enum: - - Constantly - - Daily - - Weekly - - Monthly - - Quarterly - - Semi-Annually - - Annually - - Every Two Years - - Every Three Years - - Undetermined - slcmMethod: - type: string - nullable: true - description: '[Conditional] SLCM method utilized' - example: Automated - enum: - - Automated - - Semi-Automated - - Manual - - Undetermined - slcmReporting: - type: string - nullable: true - description: '[Conditional] Method for reporting Security Control for SLCM. - Character Limit = 2,000.' - x-faker: random.word - example: Test Reporting - slcmTracking: - type: string - nullable: true - description: '[Conditional] How Non-Compliant Security Controls will be tracked - for SLCM. Character Limit = 2,000.' - x-faker: random.word - example: Test Tracking - slcmComments: - type: string - nullable: true - description: '[Conditional] Additional comments for Security Control regarding - SLCM. Character Limit = 4,000.' - x-faker: random.words - example: Test SLCM Comments - ControlsOptionalFields: - properties: - implementationStatus: - type: string - nullable: true - description: '[Optional] Implementation Status of the Security Control for the - information system.' - example: Planned - enum: - - Planned - - Implemented - - Inherited - - Not Applicable - - Manually Inherited - severity: - type: string - nullable: true - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - example: Low - enum: - - Very Low - - Low - - Moderate - - High - - Very High - vulnerabiltySummary: - type: string - nullable: true - description: '[Optional] Include vulnerability summary. Character Limit = 2,000.' - x-faker: random.words - example: Test Vulnerability Summary - recommendations: - type: string - nullable: true - description: '[Optional] Include recommendations. Character Limit = 2,000.' - x-faker: random.words - example: Test Recommendations - relevanceOfThreat: - type: string - nullable: true - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - example: Low - enum: - - Very Low - - Low - - Moderate - - High - - Very High - likelihood: - type: string - nullable: true - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - example: Low - enum: - - Very Low - - Low - - Moderate - - High - - Very High - impact: - type: string - nullable: true - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - example: Low - enum: - - Very Low - - Low - - Moderate - - High - - Very High - impactDescription: - type: string - nullable: true - description: '[Optional] Include description of Security Control''s impact.' - x-faker: random.words - example: Impact text - residualRiskLevel: - type: string - nullable: true - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - example: Low - enum: - - Very Low - - Low - - Moderate - - High - - Very High - testMethod: - type: string - nullable: true - description: '[Optional] Identifies the assessment method / combination that - will determine if the security requirements are implemented - correctly.' - example: Test - enum: - - Test - - Interview - - Examine - - Test, Interview - - Test, Examine - - Interview, Examine - - Test, Interview, Examine - mitigations: - type: string - nullable: true - description: '[Optional] Identify any mitigations in place for the Non-Compliant - Security Control''s vulnerabilities. Character Limit = 2,000.' - x-faker: random.words - example: Test Mitigations - applicationLayer: - type: string - nullable: true - description: '[Optional] If the Financial Management (Navy) overlay is applied - to the system, this field appears and can be populated. Character - Limit = 2,000. Navy only.' - x-faker: - random.arrayElement: - - - Personal Computing - - Time Sharing Computing - - Client Server Computing - - Distributed Computing - - Cloud Computing - - Cluster Computing - example: Cloud Computing - databaseLayer: - type: string - nullable: true - description: '[Optional] If the Financial Management (Navy) overlay is - applied to the system, this field appears and can be populated. Navy only.' - x-faker: - random.arrayElement: - - - Personal Computing - - Time Sharing Computing - - Client Server Computing - - Distributed Computing - - Cloud Computing - - Cluster Computing - example: Time Sharing Computing - operatingSystemLayer: - type: string - nullable: true - description: '[Optional] If the Financial Management (Navy) overlay is - applied to the system, this field appears and can be populated. Navy only.' - x-faker: - random.arrayElement: - - - Personal Computing - - Time Sharing Computing - - Client Server Computing - - Distributed Computing - - Cloud Computing - - Cluster Computing - example: Client Server Computing - ControlsReadOnlyFields: - properties: - name: - type: string - nullable: true - description: '[Read-only] Name of the system record.' - x-faker: company.bs - example: System XYZ - ccis: - type: string - nullable: true - description: '[Read-only] Comma separated list of CCIs associated with the - control.' - example: 000001,000002 - x-faker: - random.arrayElement: - - - 000012,000045 - - '000005' - - 000125,000145 - - 000063,000451,000254 - - '000852' - - 001234,002115 - - '000155' - isInherited: - type: boolean - nullable: true - description: '[Read-only] Indicates whether a control is inherited.' - x-faker: random.boolean - example: true - modifiedByOverlays: - type: string - nullable: true - description: '[Read-only] List of overlays that affect the control.' - example: Requirements - x-faker: - random.arrayElement: - - - Privacy - - Requirements - - Concurrency - includedStatus: - type: string - nullable: true - description: '[Read-only] Indicates the manner by which a control was included - in the system''s categorization.' - x-faker: - random.arrayElement: - - - Manually - - Planned - - Unplanned - - Baseline - example: Manually - complianceStatus: - type: string - nullable: true - description: '[Read-only] Compliance of the control.' - x-faker: random.word - example: Status - - #---------------------------------------------------------------------------- - # POAM Fields - PoamIds: - properties: - systemId: - type: integer - format: int64 - description: '[Required] Unique eMASS system identifier.' - x-faker: random.number - example: 830 - poamId: - type: integer - format: int64 - description: '[Required] Unique item identifier' - x-faker: random.number - example: 45 - displayPoamId: - type: integer - format: int64 - description: '[Required] Globally unique identifier for individual POA&M Items, - seen on the front-end as ID.' - x-faker: random.number - example: 100000010 - PoamRequiredFields: - properties: - status: - type: string - description: '[Required] The POA&M status' - example: Completed - enum: - - Ongoing - - Risk Accepted - - Completed - - Not Applicable - - Archived - vulnerabilityDescription: - type: string - description: '[Required] Provide a description of the POA&M Item. 2000 - Characters.' - x-faker: random.words - example: Description text - sourceIdentifyingVulnerability: - type: string - description: '[Required] Include Source Identifying Vulnerability text. 2000 - Characters.' - x-faker: random.words - example: Source Indentifying Vulnerability text - pocOrganization: - type: string - description: '[Required] Organization/Office represented. 100 Characters.' - x-faker: company.companyName - example: Army - resources: - type: string - description: '[Required] List of resources used. 250 Characters.' - x-faker: random.words - example: Resource text - identifiedInCFOAuditOrOtherReview: - type: boolean - description: '[Required] If not specified, this field will be set to false - because it does not accept a null value. VA only' - x-faker: random.boolean - example: true - PoamConditionalFields: - properties: - pocFirstName: - type: string - description: '[Conditional] First name of POC. 100 Characters.' - x-faker: name.firstName - example: John - pocLastName: - type: string - description: '[Conditional] Last name of POC. 100 Characters.' - x-faker: name.lastName - example: Smith - pocEmail: - type: string - description: '[Conditional] Email address of POC. 100 Characters.' - x-faker: internet.email - example: smith@ah.com - pocPhoneNumber: - type: string - description: '[Conditional] Phone number of POC (area code) ***-**** format. 100 - Characters.' - x-faker: phone.phoneNumber.email - example: 555-555-5555 - severity: - type: string - description: '[Conditional] Required for approved items. Values include the - following options: (Very Low, Low, Moderate,High,Very High)' - example: Low - scheduledCompletionDate: - type: integer - format: int64 - nullable: true - description: '[Conditional] Required for ongoing and completed POA&M items. Unix - time format.' - x-faker: - random.number: 1234567890 - example: 1799644800 - completionDate: - type: integer - format: int64 - description: '[Conditional] Field is required for completed POA&M items. Unix - time format.' - x-faker: - random.number: 1234567890 - example: 1745916276 - comments: - type: string - description: '[Conditional] Field is required for completed and risk accepted - POA&M items. 2000 Characters' - x-faker: random.words - example: Comments text. - personnelResourcesFundedBaseHours: - type: number - format: float - nullable: true - description: | - [Conditional] At least one of the following is required and must be completed for each POA&M Item: - Personnel Resources-> Funded Base Hours - Personnel Resources-> Unfunded Base Hours - Non-Personnel Resources-> Funded Amount - Non-Personnel Resources-> Unfunded Amount - Displays numbers to the second decimal point (e.g., 100.00). VA only. - x-faker: - random.number: - min: 100 - max: 300 - precision: 0.01 - decimals: 2 - example: 100 - personnelResourcesCostCode: - type: string - nullable: true - description: | - [Conditional] Required if Personnel Resources: Funded Base Hours is populated. - Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only. - x-faker: finance.transactionType - example: 123456 - personnelResourcesUnfundedBaseHours: - type: number - format: float - nullable: true - description: | - [Conditional] At least one of the following is required and must be completed for each POA&M Item: - Personnel Resources-> Funded Base Hours - Personnel Resources-> Unfunded Base Hours - Non-Personnel Resources-> Funded Amount - Non-Personnel Resources-> Unfunded Amount - Displays numbers to the second decimal point (e.g., 100.00). VA only. - x-faker: - random.number: - min: 100 - max: 300 - precision: 0.01 - decimals: 2 - example: 100 - personnelResourcesNonfundingObstacle: - type: string - nullable: true - description: | - [Conditional] Required if Personnel Resources: Unfunded Base Hours is populated. - Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only. - x-faker: random.words - example: Not an system of interest - personnelResourcesNonfundingObstacleOtherReason: - type: string - nullable: true - description: '[Conditional] Required if the value "Other" is populated for the - field Personnel Resources: Non-Funding Obstacle. VA only.' - x-faker: random.words - example: Not an system of interest - nonPersonnelResourcesFundedAmount: - type: number - format: float - nullable: true - description: | - [Conditional] At least one of the following is required and must be completed for each POA&M Item: - Personnel Resources-> Funded Base Hours - Personnel Resources-> Unfunded Base Hours - Non-Personnel Resources-> Funded Amount - Non-Personnel Resources-> Unfunded Amount - Displays numbers to the second decimal point (e.g., 100.00). VA only. - x-faker: - random.number: - min: 100 - max: 300 - precision: 0.01 - decimals: 2 - nonPersonnelResourcesCostCode: - type: string - nullable: true - description: | - [Conditional] Required if Non-Personnel Resources: Funded Amount is populated. - Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only. - x-faker: finance.transactionType - nonPersonnelResourcesUnfundedAmount: - type: number - format: float - nullable: true - description: | - [Conditional] At least one of the following is required and must be completed for each POA&M Item: - Personnel Resources-> Funded Base Hours - Personnel Resources-> Unfunded Base Hours - Non-Personnel Resources-> Funded Amount - Non-Personnel Resources-> Unfunded Amount - Displays numbers to the second decimal point (e.g., 100.00). VA only. - x-faker: - random.number: - min: 100 - max: 300 - precision: 0.01 - decimals: 2 - nonPersonnelResourcesNonfundingObstacle: - type: string - nullable: true - description: | - [Conditional] Required if Non-Personnel Resources: Unfunded Amount is populated. - Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only. - x-faker: random.words - example: Not an system of interest - nonPersonnelResourcesNonfundingObstacleOtherReason: - type: string - nullable: true - description: '[Conditional] Required if the value "Other" is populated for the - field Non-Personnel Resources: Non-Funding Obstacle. VA only.' - x-faker: random.words - example: Not an system of interest - PoamOptionalFields: - properties: - externalUid: - type: string - description: '[Optional] Unique identifier external to the eMASS application for - use with associating POA&Ms. 100 Characters.' - example: d6d98b88-c866-4496-9bd4-de7ba48d0f52 - controlAcronym: - type: string - description: '[Optional] Control acronym associated with the POA&M Item. NIST SP - 800-53 Revision 4 defined.' - example: AC-3 - assessmentProcedure: - type: string - description: '[Optional] The Security Control Assessment Procedure being - associated with the POA&M Item.' - example: AC-1.4 - securityChecks: - type: string - description: '[Optional] Security Checks that are associated with the POA&M.' - x-faker: random.words - example: SV-25123r1_rule,2016-A-0279 - rawSeverity: - type: string - description: '[Optional] Scan vulnerability ratting Values include the - following options: (Very Low, Low, Moderate,High,Very High)' - example: Moderate - relevanceOfThreat: - type: string - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - example: Low - likelihood: - type: string - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - example: Low - impact: - type: string - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - example: Low - impactDescription: - type: string - description: '[Optional] Include description of Security Control''s impact.' - x-faker: random.words - example: Impact text - residualRiskLevel: - type: string - description: '[Optional] Values include the following options (Very Low, Low, - Moderate,High,Very High)' - example: Low - recommendations: - type: string - description: '[Optional] Include recommendations. Character Limit = 2,000.' - x-faker: random.words - example: Recommendations text - mitigations: - type: string - description: '[Optional] Include mitigation explanation. 2000 Characters.' - x-faker: random.words - example: Mitigation text - resultingResidualRiskLevelAfterProposedMitigations: - type: string - nullable: true - description: '[Optional] Indicate the risk level expected after any proposed - mitigations are implemented. Proposed mitigations should be - appropriately documented as POA&M milestones. Navy only.' - example: Low - enum: - - Very Low - - Low - - Moderate - - High - - Very High - predisposingConditions: - type: string - nullable: true - description: '[Optional] A predisposing condition is a condition existing within - an organization, a mission or business process, enterprise - architecture, information system/PIT, or environment of operation, - which affects (i.e., increases or decreases) the likelihood that - threat events, once initiated, result in adverse impacts. Navy - only.' - x-faker: random.words - example: The predisposing condition justification - threatDescription: - type: string - nullable: true - description: '[Optional] Describe the identified threat(s) and relevance to the - information system. Navy only.' - x-faker: random.words - example: The identified threat(s) description - devicesAffected: - type: string - nullable: true - description: '[Optional] List any affected devices by hostname. If all devices - in the information system are affected, state ''system'' or ''all''. - Navy only' - x-faker: - random.arrayElement: - - - hostname-1 - - hostname-2 - - hostname-3 - - hostname-4 - - hostnam-5 - - system - - all - example: system - PoamReadOnlyFields: - properties: - conditionId: - type: string - nullable: true - description: '[Read-Only] Unique identifier of the authorization term/condition - linked to the POA&M Item.' - x-faker: - random.arrayElement: - - - TC-10100292 - - TC-36510292 - - TC-10145221 - - TC-41314221 - example: TC-10100292 - isInherited: - type: boolean - nullable: true - description: '[Read-only] Indicates whether a test result is inherited.' - x-faker: random.boolean - example: true - cci: - type: string - nullable: true - description: '[Read-Only] CCI associated with POA&M Item.' - x-faker: - random.arrayElement: - - - '000012' - - '000045' - - '000005' - - '000125' - - '000145' - - '000063' - - '000451' - - '000254' - - '000852' - - '001234' - - '002115' - - '000155' - example: 000001,000002 - reviewStatus: - type: string - nullable: true - description: '[Read-Only] Values include the following options: (Not - Approved,Under Review,Approved)' - enum: - - Not Approved - - Under Review - - Approved - example: Under Review - createdDate: - type: integer - format: int64 - description: '[Read-Only] Timestamp representing when the POA&M Item was entered - into the database.' - x-faker: - random.number: 1234567890 - example: 1715312304 - extensionDate: - type: integer - format: int64 - nullable: true - description: | - [Read-Only] Value returned for a POA&M Item with review status "Approved" and has a milestone - with a scheduled completion date that extends beyond the POA&M Item's scheduled completion date. - x-faker: - random.number: 1234567890 - example: 1715312304 - pendingExtensionDate: - type: integer - format: int64 - nullable: true - description: | - [Read-Only] Value returned for a POA&M Item with a review status of "Approved" and an unapproved - milestone with a scheduled completion date that extends beyond the POA&M Item's scheduled completion date. - x-faker: - random.number: 1234567890 - example: 1715312304 - artifacts: - type: string - nullable: true - description: '[Read-Only] Lists the filenames of any artifact files attached to - the POA&M Item. Multiple values are separated by “; ”.' - x-faker: - random.arrayElement: - - - Test1.docx; Test2.xlsx - - Test3.docx; Test4.xlsx - - Test5.docx; Test6.xlsx - - Test7.docx; Test8.xlsx - example: Test1.docx; Test2.xlsx - #---------------------------------------------------------------------------- - # Milestones Fields - MilestonesFields: - properties: - milestones: - type: array - items: - $ref: "#/components/schemas/MilestonesGet" - #---------------------------------------------------------------------------- - # Hardware Baseline Fields - HwBaselineIds: - properties: - systemId: - type: integer - format: int64 - description: '[Required] Unique eMASS system identifier.' - x-faker: random.number - example: 75 - HwBaselineRequiredFields: - properties: - assetName: - type: string - description: '[Required] Name of the hardware asset.' - x-faker: commerce.productName - example: Test Asset Name 11 - HwBaselineConditionalFields: - properties: - publicFacingFqdn : - type: string - nullable: true - description: '[Conditional] Public facing FQDN. Only applicable if Public Facing is set to true.' - x-faker: internet.domainName - example: test.com - publicFacingIpAddress: - type: string - nullable: true - description: '[Conditional] Public facing IP address. Only applicable if Public Facing is set to true.' - x-faker: internet.ip - example: 12.68.239.44 - publicFacingUrls : - type: string - nullable: true - description: '[Conditional] Public facing URLs. Only applicable if Public Facing is set to true.' - x-faker: internet.url - example: test.com - HwBaselineOptionalFields: - properties: - componentType: - type: string - nullable: true - description: '[Optional] Type of the hardware asset.' - x-faker: - random.arrayElement: - - - Firewall - - IDS/IPS - - KVM - - Router - - Server - - Switch - - Workstation - example: IDS/IPS - nickname: - type: string - nullable: true - description: '[Optional] Nickname of the hardware asset.' - x-faker: commerce.department - example: Hardware - assetIpAddress: - type: string - nullable: true - description: '[Optional] IP address of the hardware asset.' - x-faker: internet.ip - example: 79.102.116.145 - publicFacing: - type: boolean - nullable: true - description: '[Optional] Public facing is defined as any asset that is - accessible from a commercial connection.' - x-faker: random.boolean - example: true - virtualAsset: - type: boolean - nullable: true - description: '[Optional] Determine if this is a virtual hardware asset.' - x-faker: random.boolean - example: false - manufacturer: - type: string - nullable: true - description: '[Optional] Manufacturer of the hardware asset. Populated with - "Virtual" by default if Virtual Asset is true, however this can be overridden.' - x-faker: company.companyName - example: Test Manufacturer - modelNumber: - type: string - nullable: true - description: '[Optional] Model number of the hardware asset. Populated with - "Virtual" by default if Virtual Asset is true, however this can be overridden' - x-faker: system.semver - example: 1.0 - serialNumber: - type: string - nullable: true - description: '[Optional] Serial number of the hardware asset. Populated with - "Virtual" by default if Virtual Asset is true, however this can be overridden.' - x-faker: system.semver - example: 5.2.1.5 - OsIosFwVersion : - type: string - nullable: true - description: '[Optional] Operating System, IOS, or Firmware version of the hardware asset.' - x-faker: - random.arrayElement: - - - Winndows 10 - - Windows 11 - - Win Server 2000 - - iOS 18 - - iOS 19 - - Mac OS X 10.10 - - OS X Yosemite - - FW Version 2.3 - - FW Version 5.7 - example: Win Server 2000 - memorySizeType: - type: string - nullable: true - description: '[Optional] Memory size / type of the hardware asset.' - x-faker: - random.arrayElement: - - - 64 GB DIMM - - 128 MB DRAM - - 4 TB SRAM - - 32 GB SIM - example: 32 GB SIM - location: - type: string - nullable: true - description: '[Optional] Location of the hardware asset.' - x-faker: address.city - example: Test Location - approvalStatus: - type: string - nullable: true - description: '[Optional] Approval status of the hardware asset.' - x-faker: - random.arrayElement: - - - Approved - DISA UC APL - - Approved - FIPS 140-2 - - Approved - NIAP CCVES - - Approved - NSA Crypto - - Approved - NSA CSfC - - In Progress - - Unapproved - example: In Progress - criticalAsset: - type: boolean - nullable: true - description: '[Optional] Indicates whether the asset is a critical information system asset.' - x-faker: random.boolean - example: false - HwBaselineReadOnlyFields: - properties: - hardwareId: - type: string - nullable: true - description: '[Read-Only] GUID identifying the specific hardware asset. Required for a PUT call.' - x-faker: random.uuid - example: 0bcaba59-a4f4-4918-a267-aedee3ea750d - #---------------------------------------------------------------------------- - # Software Baseline Fields - SwBaselineIds: - properties: - systemId: - type: integer - format: int64 - description: '[Required] Unique eMASS system identifier.' - x-faker: random.number - example: 85 - SwBaselineRequiredFields: - properties: - softwareVendor: - type: string - description: '[Required] Vendor of the software asset.' - x-faker: company.companyName - example: Test Vendor - softwareName: - type: string - description: '[Required] Name of the software asset.' - x-faker: commerce.productName - example: Test Software Name 11 - version: - type: string - description: '[Required] Version of the software asset.' - x-faker: system.semver - example: 1.0 - SwBaselineConditionalFields: - properties: - approvalDate: - type: integer - format: int64 - nullable: true - description: '[Conditional] Approval date of the software asset. - If Approval Status is set to "Unapproved" or "In Progress", - Approval Date will be set to null.' - x-faker: - random.number: 1234567890 - example: 1715312304 - SwBaselineOptionalFields: - properties: - softwareType: - type: string - nullable: true - description: '[Optional] Type of the software asset.' - x-faker: - random.arrayElement: - - - COTS Application - - GOTS Application - - Office Automation - - Security Application - - Server Application - - Web Application - example: COTS Application - parentSystem: - type: string - nullable: true - description: '[Optional] Parent system of the software asset.' - x-faker: commerce.productName - example: Test Parent System - subsystem: - type: string - nullable: true - description: '[Optional] Subsystem of the software asset.' - x-faker: commerce.productName - example: Test Subsystem - network: - type: string - nullable: true - description: '[Optional] Network of the software asset.' - x-faker: commerce.productName - example: Test Network - hostingEnvironment: - type: string - nullable: true - description: '[Optional] Hosting environment of the software asset.' - x-faker: commerce.productName - example: Test Hosting Environment - softwareDependencies: - type: string - nullable: true - description: '[Optional] Dependencies of the software asset.' - x-faker: commerce.productName - example: Test Dependencies - cryptographicHash: - type: string - nullable: true - description: '[Optional] Cryptographic hash of the software asset.' - x-faker: - datatype.hexadecimal: 25 - example: Test Cryptographic Hash 32" - inServiceData: - type: string - nullable: true - description: '[Optional] In-service data of the software asset.' - x-faker: - random.words: 5 - example: Test In-Service Data - itBudgetUii: - type: string - nullable: true - description: '[Optional] IT budget UII of the software asset.' - x-faker: - random.words: 5 - example: Test IT Budget Uii - fiscalYear: - type: string - nullable: true - description: '[Optional] Fiscal year (FY) of the software asset.' - x-faker: - random.numeric: 4 - example: 2021 - popEndDate: - type: integer - format: int64 - nullable: true - description: '[Optional] Period of performance (POP) end date of the software asset.' - x-faker: - random.number: 1234567890 - example: 1715312304 - licenseOrContract: - type: string - nullable: true - description: '[Optional] License or contract number of the software asset.' - x-faker: - random.words: 5 - example: Test License Or Contract 25 - licenseTerm: - type: string - nullable: true - description: '[Optional] License term of the software asset.' - x-faker: - random.words: 5 - example: Test License Term 25 - costPerLicense: - type: number - format: double - nullable: true - description: '[Optional] Cost per license of the software asset. - Number will be converted to display 2 decimal points.' - x-faker: - random.number: - min: 100 - max: 1000 - precision: 0.01 - decimals: 2 - example: 250.25 - totalLicenses: - type: integer - format: int64 - nullable: true - description: '[Optional] Total licenses of the software asset.' - x-faker: - random.number: 5000 - example: 100 - totalLicenseCost: - type: number - format: double - nullable: true - description: '[Optional] Total license cost of the software asset. - Number will be converted to display 2 decimal points.' - x-faker: - random.number: - min: 100 - max: 1000 - precision: 0.01 - decimals: 2 - example: 2250.25 - licensesUsed: - type: integer - format: int64 - nullable: true - description: '[Optional] Number of licenses used for the software asset.' - x-faker: - random.number: 5000 - example: 100 - licensePoc: - type: string - nullable: true - description: '[Optional] Point of contact (POC) for the software asset.' - x-faker: name.findName - example: Smith, Joe - licenseRenewalDate: - type: integer - format: int64 - nullable: true - description: '[Optional] License renewal date for the software asset.' - x-faker: - random.number: 1234567890 - example: 1715312304 - licenseExpirationDate: - type: integer - format: int64 - nullable: true - description: '[Optional] License expiration date for the software asset.' - x-faker: - random.number: 1234567890 - example: 1715312304 - approvalStatus: - type: string - nullable: true - description: '[Optional] Approval status of the software asset.' - x-faker: - random.arrayElement: - - - Approved - DISA UC APL - - Approved - FIPS 140-2 - - Approved - NIAP CCVES - - Approved - NSA Crypto - - Approved - NSA CSfC - - In Progress - - Unapproved - example: In Progress - releaseDate: - type: integer - format: int64 - nullable: true - description: '[Optional] Release date of the software asset.' - x-faker: - random.number: 1234567890 - example: 1715312304 - maintenanceDate: - type: integer - format: int64 - nullable: true - description: '[Optional] Maintenance date of the software asset.' - x-faker: - random.number: 1234567890 - example: 1715312304 - retirementDate: - type: integer - format: int64 - nullable: true - description: '[Optional] Retirement date of the software asset.' - x-faker: - random.number: 1234567890 - example: 1715312304 - endOfLifeSupportDate: - type: integer - format: int64 - nullable: true - description: '[Optional] End of life support date of the software asset.' - x-faker: - random.number: 1234567890 - example: 1715312304 - extendedEndOfLifeSupportDate : - type: integer - format: int64 - nullable: true - description: '[Optional] If set, the Extended End of Life/Support - Date cannot occur prior to the End of Life/Support Date.' - x-faker: - random.number: 1234567890 - example: 1715312304 - criticalAsset: - type: boolean - nullable: true - description: '[Optional] Indicates whether the asset is a critical information system asset.' - x-faker: random.boolean - example: false - location: - type: string - nullable: true - description: '[Optional] Location of the software asset.' - x-faker: address.city - example: Test Location - purpose: - type: string - nullable: true - description: '[Optional] Purpose of the software asset.' - x-faker: random.words - example: Test Purpose - unsupportedOperatingSystem: - type: boolean - nullable: true - description: '[Optional] Unsupported operating system. VA only.' - x-faker: random.boolean - example: false - unapprovedSoftwareFromTrm: - type: boolean - nullable: true - description: '[Optional] Unapproved software from TRM. VA only' - x-faker: random.boolean - example: false - approvedWaiver: - type: boolean - nullable: true - description: '[Optional] Approved waiver. VA only' - x-faker: random.boolean - example: false - SwBaselineReadOnlyFields: - properties: - softwareId: - type: string - nullable: true - description: '[Read-Only] GUID identifying the specific software asset.' - x-faker: random.uuid - example: 171fc7d0-6957-4f54-bd51-3b7cbc6c39d5 - - #---------------------------------------------------------------------------- - # HTTP 200 common response code value - #---------------------------------------------------------------------------- - Response200: - title: OK - type: object - additionalProperties: false - properties: - code: - type: integer - format: int32 - minimum: 200 - maximum: 200 - default: 200 - - #---------------------------------------------------------------------------- - # HTTP 200 pagination response - #---------------------------------------------------------------------------- - Pagination: - title: Pagination - type: object - additionalProperties: false - properties: - pageIndex: - type: integer - x-faker: - random.numeric: 2 - example: 1 - pageSize: - type: integer - x-faker: - random.numeric: 5 - example: 20000 - totalCount: - type: integer - x-faker: - random.numeric: 2 - example: 4 - totalPages: - type: integer - x-faker: - random.numeric: 2 - example: 1 - prevPageUrl: - type: string - x-faker: internet.url - example: https://myfakeurl.reponse.page.com?PreviousPage - nextPageUrl: - type: string - x-faker: internet.url - example: https://myfakeurl.reponse.page.com?NextPage - - #---------------------------------------------------------------------------- - # Schema for error response body - #---------------------------------------------------------------------------- - Errors: - type: array - nullable: true - minItems: 1 - maxItems: 25 - items: - example: key:value - x-faker: - random.arrayElement: - - - 'key: Error message 1' - - 'key: Error message 2' - - 'key: Error message 3' - - 'key: Error message 4' - - 'key: Error message 5' - - #---------------------------------------------------------------------------- - # HTTP response status codes - Description/Likely Causes - #---------------------------------------------------------------------------- - responses: - #------------- - # 200: Dashboard OK - DashboarOK: - description: OK - content: - application/json: - schema: - type: object - #------------- - # 200: Dashboard Response - DashboardResponse: - description: Pagination response schema - content: - application/json: - schema: - type: object - additionalProperties: false - properties: - meta: - $ref: '#/components/schemas/Response200' - data: - type: array - items: - type: object - pagination: - $ref: '#/components/schemas/Pagination' - #------------- - # 201: Created - Created: - description: Created - content: - application/json: - schema: - title: Created - type: object - additionalProperties: false - properties: - meta: - type: object - properties: - code: - type: integer - format: int32 - minimum: 201 - maximum: 201 - default: 201 - message: - type: string - default: Request was fulfilled and resulted in on or more new resources being - successfully created on the server. - #----------------- - # 400: Bad Request - BadRequest: - description: Bad Request - content: - application/json: - schema: - title: Bad Request - type: object - additionalProperties: false - properties: - meta: - type: object - properties: - code: - type: integer - format: int32 - minimum: 400 - maximum: 400 - default: 400 - errorMessage: - type: string - default: Request could not be understood by the server due to incorrect syntax - or an unexpected format - #------------------ - # 401: Unauthorized - Unauthorized: - description: Unauthorized - content: - application/json: - schema: - title: Unauthorized - type: object - additionalProperties: false - properties: - meta: - type: object - properties: - code: - type: integer - format: int32 - minimum: 401 - maximum: 401 - default: 401 - errorMessage: - type: string - default: Request has failed to provide suitable authentication from the client - #--------------- - # 403: Forbidden - Forbidden: - description: Forbidden - content: - application/json: - schema: - title: Forbidden - type: object - additionalProperties: false - properties: - meta: - type: object - properties: - code: - type: integer - format: int32 - minimum: 403 - maximum: 403 - default: 403 - errorMessage: - type: string - default: Request was blocked by the application due to a lack of client - permissions to the API or to a specific endpoint - #--------------- - # 404: Not Found - NotFound: - description: Not Found - content: - application/json: - schema: - title: Not Found - type: object - additionalProperties: false - properties: - code: - type: integer - format: int32 - minimum: 404 - maximum: 404 - default: 404 - errorMessage: - type: string - default: Request has failed because the URL provided in the request did not - match any available endpoint locations - #------------------------ - # 405: Method Not Allowed - MethodNotAllowed: - description: Method Not Allowed - content: - application/json: - schema: - title: Method Not Allowed - type: object - additionalProperties: false - properties: - meta: - type: object - properties: - code: - type: integer - format: int32 - minimum: 405 - maximum: 405 - default: 405 - errorMessage: - type: string - default: Request was made with a verb (GET, POST, etc.) that is not permitted - for the endpoint - #--------------------- - # 411: Length Required - LengthRequired: - description: Length Required - content: - application/json: - schema: - title: Length Required - type: object - additionalProperties: false - properties: - meta: - type: object - properties: - code: - type: integer - format: int32 - minimum: 411 - maximum: 411 - default: 411 - errorMessage: - type: string - default: Request was of type POST and failed to provide the server information - about the data/content length being submitted - #--------------------- - # 490: API Rule Failed - APIRuleFailed: - description: API Rule Failed - content: - application/json: - schema: - title: API Rule Failed - type: object - additionalProperties: false - properties: - meta: - type: object - properties: - code: - type: integer - format: int32 - minimum: 490 - maximum: 490 - default: 490 - errorMessage: - type: string - default: Request has failed because too much data was requested in a single - batch. This error is specific to eMASS - #--------------------------- - # 500: Internal Server Error - InternalServerError: - description: Internal Server Error - content: - application/json: - schema: - title: Internal Server Error - type: object - additionalProperties: false - properties: - meta: - type: object - properties: - code: - type: integer - format: int32 - minimum: 500 - maximum: 500 - default: 500 - errorMessage: - type: string - default: Server encountered an unexpected condition which prevented it from - fulfilling the request - - #---------------------------------------------------------------------------- - # Security schemes - Define the key name and location - #---------------------------------------------------------------------------- - securitySchemes: - apiKey: - type: apiKey - in: header - name: api-key - description: | - The API key must be provided in the request header for all eMASS endpoint calls.

**For connecting to a mock server, any value is acceptable, e.g., 123** - userId: - type: apiKey - in: header - name: user-uid - description: | - This User unique identifier key must be provided in the request header for all PUT, POST, and DELETE endpoint calls.
Note: For DoD users this is the DoD ID Number (EIDIPI) on their DoD CAC.

**For connecting to a mock server, any value is acceptable, e.g., 123** - mockType: - type: apiKey - in: header - name: Prefer - description: | - This header parameter is ony utilized when interacting with the mock server.
Options are (enter in the **Value** textbox): - - For random response values `code=200, dynamic=true` - - For static response values `code=200` -#------------------------------------------------------------------------------- -# S E C U R I T Y - Apply the API key globally to all operations -#------------------------------------------------------------------------------- -security: - - apiKey: [] # use the same name as defined in securitySchemes - userId: [] # Multiple apikey are used with the apikey (apiKey AND userId) - - mockType: [] # use the same name as defined in securitySchemes \ No newline at end of file diff --git a/emass/entrypoint.sh b/emass/entrypoint.sh deleted file mode 100644 index 0a4a653..0000000 --- a/emass/entrypoint.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -set -e -prism mock eMASSRestOpenApi.yaml --host 0.0.0.0 --port 4010 diff --git a/tools/Dockerfile b/fastmcp/Dockerfile similarity index 59% rename from tools/Dockerfile rename to fastmcp/Dockerfile index 39900ed..b24b8ef 100644 --- a/tools/Dockerfile +++ b/fastmcp/Dockerfile @@ -1,8 +1,15 @@ -FROM alpine:3.22 +FROM alpine:3.23 AS stage_1 +WORKDIR /home/swordfish/ +RUN apk add --no-cache --update curl &&\ + curl -kL --output emu "https://github.com/deathlabs/emu/releases/download/v4.0.0/emu-linux-amd64" &&\ + chmod +x emu + +FROM alpine:3.23 LABEL image.authors="Vic Fernandez III <@cyberphor>" WORKDIR /home/swordfish/ -COPY swordfish/ swordfish/ +COPY --from=stage_1 /home/swordfish/emu /usr/local/bin/emu COPY requirements.txt requirements.txt +COPY swordfish/ swordfish/ RUN apk add --no-cache --update python3 py3-pip &&\ pip install --break-system-packages -r requirements.txt &&\ adduser -D swordfish -h /home/swordfish &&\ diff --git a/tools/requirements.txt b/fastmcp/requirements.txt similarity index 100% rename from tools/requirements.txt rename to fastmcp/requirements.txt diff --git a/agent/smollm2-360m-instruct-q8_0/swordfish/__init__.py b/fastmcp/swordfish/__init__.py similarity index 100% rename from agent/smollm2-360m-instruct-q8_0/swordfish/__init__.py rename to fastmcp/swordfish/__init__.py diff --git a/fastmcp/swordfish/main.py b/fastmcp/swordfish/main.py new file mode 100644 index 0000000..ff7444f --- /dev/null +++ b/fastmcp/swordfish/main.py @@ -0,0 +1,179 @@ +# Standard library imports. +from base64 import b64decode +from json import dumps, loads +from logging import basicConfig, DEBUG, getLogger +from logging.config import dictConfig +from os import environ, path +from ssl import SSLContext, PROTOCOL_TLS_CLIENT +from subprocess import PIPE, Popen +from tempfile import NamedTemporaryFile +from urllib.request import urlopen, Request + +# Third party imports. +from fastmcp import FastMCP +from fastmcp.dependencies import CurrentHeaders + +# Configure the FastMCP server's log settings. +dictConfig( + { + "version": 1, + "formatters": { + "default": { + "format": "%(asctime)s %(levelname)s %(message)s", + "datefmt": "%Y-%m-%d %H:%M:%S", + } + }, + "handlers": { + "default": { + "class": "logging.StreamHandler", + "formatter": "default", + } + }, + "root": { + "handlers": ["default"], + "level": "INFO", + }, + "loggers": { + "uvicorn": {"handlers": ["default"], "propagate": False}, + "uvicorn.error": {"handlers": ["default"], "propagate": False}, + "uvicorn.access": {"handlers": ["default"], "propagate": False}, + }, + } +) +logger = getLogger(__name__) + +# Set and check environment variables. +EMASS_API_URL = environ["EMASS_API_URL"] +DOD_CERTS_PATH = environ["DOD_CERTS_PATH"] +if not path.exists(DOD_CERTS_PATH): + raise RuntimeError(f"DOD_CERTS_PATH not found: {DOD_CERTS_PATH}") + +# Init a FastMCP server. +mcp = FastMCP(name="swordfish") + + +# Builds SSL context for HTTPS requests made by the FastMCP server. +def _build_ssl_context(public_cert_pem: bytes, private_key_pem: bytes) -> SSLContext: + ctx = SSLContext(PROTOCOL_TLS_CLIENT) + ctx.load_verify_locations(DOD_CERTS_PATH) + with ( + NamedTemporaryFile("wb", delete=False, suffix=".pem") as cert_file, + NamedTemporaryFile("wb", delete=False, suffix=".pem") as key_file, + ): + cert_file.write(public_cert_pem) + cert_file.flush() + cert_path = cert_file.name + key_file.write(private_key_pem) + key_file.flush() + key_path = key_file.name + ctx.load_cert_chain(certfile=cert_path, keyfile=key_path) + return ctx + + +# Parses HTTP headers by name. +def _get_headers(headers: dict[str, str], name: str) -> str: + value = headers.get(name) + if not value: + raise ValueError(f"missing required header: {name}") + return value + + +# Sends an HTTP GET request to eMASS. +def _emass_get_request(path: str, headers: dict[str, str]) -> dict: + api_key = _get_headers(headers, "x-emass-api-key") + user_uid = _get_headers(headers, "x-emass-user-uid") + public_cert_pem = b64decode(_get_headers(headers, "x-emass-public-cert")) + private_key_pem = b64decode(_get_headers(headers, "x-emass-private-key")) + ctx = _build_ssl_context(public_cert_pem, private_key_pem) + request = Request( + url=f"{EMASS_API_URL}{path}", + headers={ + "api-key": api_key, + "user-uid": user_uid, + "accept": "application/json", + "content-type": "application/json", + }, + ) + with urlopen(request, context=ctx, timeout=240) as response: + return loads(response.read()) + + +@mcp.tool(description="Test connectivity to eMASS.") +def test_connection( + headers: dict[str, str] = CurrentHeaders(), +) -> dict: + response = _emass_get_request("/api", headers) + logger.log(level=DEBUG, msg=response) + return response + + +@mcp.tool(description="Get details for a specific eMASS system by its system ID.") +def get_system(system_id: int, headers: dict[str, str] = CurrentHeaders()) -> dict: + response = _emass_get_request(f"/api/systems/{system_id}", headers) + logger.log(level=DEBUG, msg=response) + return response + + +@mcp.tool(description="Get information about a specific system's artifacts in eMASS.") +def get_artifacts(system_id: int, headers: dict[str, str] = CurrentHeaders()) -> list: + api_key = _get_headers(headers, "x-emass-api-key") + user_uid = _get_headers(headers, "x-emass-user-uid") + public_cert_pem = b64decode(_get_headers(headers, "x-emass-public-cert")) + private_key_pem = b64decode(_get_headers(headers, "x-emass-private-key")) + with ( + NamedTemporaryFile("wb", delete=False, suffix=".pem") as cert_file, + NamedTemporaryFile("wb", delete=False, suffix=".pem") as key_file, + NamedTemporaryFile("w", delete=False, suffix=".yaml") as config_file, + ): + cert_file.write(public_cert_pem) + cert_file.flush() + key_file.write(private_key_pem) + key_file.flush() + config_file.write( + f"""--- +url: {EMASS_API_URL} +profiles: + - name: default + publicKeyPath: {cert_file.name} + privateKeyPath: {key_file.name} +systems: + - name: target + id: {system_id} + profile: default +settings: + output: + format: json +""" + ) + config_file.flush() + env = environ.copy() + env["EMASS_USER_UID_DEFAULT"] = user_uid + env["EMASS_API_KEY_DEFAULT"] = api_key + process = Popen( + [ + "emu", + "get", + "artifacts", + "--system-id", + str(system_id), + "--config", + config_file.name, + ], + stdout=PIPE, + stderr=PIPE, + text=True, + env=env, + ) + output, errors = process.communicate(timeout=300) + + if process.returncode != 0: + raise RuntimeError(f"emu failed: {errors}") + return loads(dumps({"output": output, "errors": errors})) + + +if __name__ == "__main__": + mcp.run( + transport="streamable-http", + host="0.0.0.0", + port=8282, + ) diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 581711b..cf932c9 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -1,12 +1,13 @@ FROM alpine:3.23 LABEL image.authors="Victor Fernandez III, <@cyberphor>" WORKDIR /home/swordfish -COPY .streamlit .streamlit -COPY entrypoint.sh entrypoint.sh -COPY swordfish/ swordfish/ COPY requirements.txt requirements.txt RUN apk add --no-cache --update python3 py3-pip &&\ - pip install --break-system-packages -r requirements.txt &&\ - chmod +x entrypoint.sh + pip install --break-system-packages -r requirements.txt +COPY .streamlit .streamlit +COPY swordfish/ swordfish/ +RUN adduser -D swordfish -h /home/swordfish &&\ + chown -R swordfish:swordfish /home/swordfish +USER swordfish EXPOSE 8501 -ENTRYPOINT [ "./entrypoint.sh" ] +ENTRYPOINT [ "streamlit", "run", "swordfish/main.py" ] diff --git a/frontend/entrypoint.sh b/frontend/entrypoint.sh deleted file mode 100644 index aacf7e4..0000000 --- a/frontend/entrypoint.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -set -e -streamlit run swordfish/main.py \ No newline at end of file diff --git a/frontend/swordfish/logo.svg b/frontend/swordfish/logo.svg new file mode 100644 index 0000000..1fd9cc1 --- /dev/null +++ b/frontend/swordfish/logo.svg @@ -0,0 +1,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/frontend/swordfish/main.py b/frontend/swordfish/main.py index 864bae2..55ca946 100644 --- a/frontend/swordfish/main.py +++ b/frontend/swordfish/main.py @@ -1,27 +1,165 @@ +# Standard library imports. +from os import environ +from requests import get, post +from pathlib import Path +from urllib.parse import quote +from uuid import uuid4 + +# Third party imports. import streamlit as st -import requests -import uuid -st.title("Swordfish") +# Set constants. +BACKEND_ENDPOINT = environ["BACKEND_ENDPOINT"] +PROMPT_SUGGESTIONS = [ + "test connectivity to eMASS", + "get data about a system", + "is this cyber tasking order applicable to any of my emass records?", +] + +# Set session state. +if "profiles" not in st.session_state: + st.session_state.profiles = [] +profiles = st.session_state.profiles + +if "selected_profile_name" not in st.session_state: + st.session_state.selected_profile_name = None if "session_id" not in st.session_state: - st.session_state.session_id = str(uuid.uuid4()) + st.session_state.session_id = str(uuid4()) if "messages" not in st.session_state: st.session_state.messages = [] +# Setup page. +st.title("Swordfish") +st.set_page_config(page_title="Swordfish") + +# Set the logo. +svg_content = (Path(__file__).parent / "logo.svg").read_text() +svg_encoded = quote(svg_content) +st.markdown( + f""" + +""", + unsafe_allow_html=True, +) + + +# Get JWT. +def get_token_from_headers() -> str | None: + headers = st.context.headers + if not headers: + return None + auth = headers.get("Authorization") + if auth and auth.startswith("Bearer "): + return auth[len("Bearer ") :].strip() + return None + + +def init_user() -> dict: + """Call backend to upsert user and return their profiles.""" + token = get_token_from_headers() + headers = {"Authorization": f"Bearer {token}"} if token else {} + response = get( + url=f"{BACKEND_ENDPOINT}/users", + headers=headers, + timeout=10, + ) + response.raise_for_status() + return response.json() + + +if st.button("Create Account"): + response = get(url=f"{BACKEND_ENDPOINT}/users") + st.write(response.json()) + +with st.sidebar: + st.header("Profiles") + with st.form("profile_form", clear_on_submit=True): + name = st.text_input("Profile Name") + user_uid = st.text_input("User UID", type="password") + api_key = st.text_input("API Key", type="password") + public_key = st.file_uploader("Public Key", type=["crt", "cer", "pem"]) + private_key = st.file_uploader("Private Key", type=["pem", "key", "txt"]) + submitted = st.form_submit_button("Save Profile") + if submitted: + if ( + not name + or not user_uid + or not api_key + or not public_key + or not private_key + ): + st.error("All fields are required.") + elif any(profile["name"] == name for profile in profiles): + st.error("Profile name already exists.") + else: + profiles.append( + { + "name": name, + "user_uid": user_uid, + "api_key": api_key, + "public_key_name": public_key.name, + "public_key_bytes": public_key.getvalue(), + "private_key_name": private_key.name, + "private_key_bytes": private_key.getvalue(), + } + ) + st.session_state.selected_profile_name = name + st.rerun() + profile_names = [profile["name"] for profile in profiles] + if profile_names: + current_index = 0 + if st.session_state.selected_profile_name in profile_names: + current_index = profile_names.index(st.session_state.selected_profile_name) + st.session_state.selected_profile_name = st.radio( + "Choose profile", + options=profile_names, + index=current_index, + ) + + for index, profile in enumerate(profiles): + with st.expander(profile["name"]): + st.write(f'User UID: {profile["user_uid"]}') + st.write(f'API Key: {"*" * len(profile["api_key"])}') + st.write(f'Public Key: {profile["public_key_name"]}') + st.write(f'Private Key: {profile["private_key_name"]}') + if st.button("Delete", key=f"delete_{index}"): + deleted_name = profile["name"] + profiles.pop(index) + if st.session_state.selected_profile_name == deleted_name: + st.session_state.selected_profile_name = ( + profiles[0]["name"] if profiles else None + ) + st.rerun() + +selected_profile = next( + ( + profile + for profile in profiles + if profile["name"] == st.session_state.selected_profile_name + ), + None, +) + +if selected_profile: + st.caption(f'Using profile: {selected_profile["name"]}') +else: + st.caption("No profile selected") + for message in st.session_state.messages: with st.chat_message(message["role"]): st.markdown(message["content"]) -PROMPT_SUGGESTIONS = [ - "draft a poam entry for the latest finding", - "summarize the risk posture of my oldest information system", - "is this cyber tasking order applicable to any of my emass records?", -] - selected_prompt = None - if not st.session_state.messages: cols = st.columns(len(PROMPT_SUGGESTIONS)) for col, chip in zip(cols, PROMPT_SUGGESTIONS): @@ -33,26 +171,41 @@ if prompt: st.session_state.messages.append({"role": "user", "content": prompt}) - with st.chat_message("user"): st.markdown(prompt) - response = requests.post( - "http://swordfish-agent:8181/api/v1/", - json={ - "message": prompt, - "session_id": st.session_state.session_id - }, - timeout=60, - ) - - response.raise_for_status() - text = response.json() + if not selected_profile: + text = "No profile selected." + else: + response = post( + f"{BACKEND_ENDPOINT}/agent", + data={ + "message": prompt, + "session_id": st.session_state.session_id, + "user_uid": selected_profile["user_uid"], + "api_key": selected_profile["api_key"], + }, + files={ + "public_key": ( + selected_profile["public_key_name"], + selected_profile["public_key_bytes"], + "application/x-pem-file", + ), + "private_key": ( + selected_profile["private_key_name"], + selected_profile["private_key_bytes"], + "application/x-pem-file", + ), + }, + timeout=120, + ) + response.raise_for_status() + text = response.json() st.session_state.messages.append({"role": "assistant", "content": text}) with st.chat_message("assistant"): st.markdown(text) - + if selected_prompt: st.rerun() diff --git a/postgres/Dockerfile b/postgres/Dockerfile new file mode 100644 index 0000000..2132757 --- /dev/null +++ b/postgres/Dockerfile @@ -0,0 +1,13 @@ +FROM alpine:3.23 +LABEL image.authors="Victor Fernandez III <@cyberphor>" +WORKDIR /home/postgres +COPY entrypoint.sh entrypoint.sh +RUN apk add --no-cache postgresql postgresql-contrib libpq-dev &&\ + chmod u+x /home/postgres/entrypoint.sh &&\ + mkdir /var/lib/postgresql/data &&\ + mkdir /run/postgresql &&\ + chown -R postgres:postgres /var/lib/postgresql/data &&\ + chown -R postgres:postgres /run/postgresql +USER postgres +EXPOSE 5432 +CMD [ "./entrypoint.sh" ] diff --git a/postgres/entrypoint.sh b/postgres/entrypoint.sh new file mode 100644 index 0000000..c0bdab7 --- /dev/null +++ b/postgres/entrypoint.sh @@ -0,0 +1,58 @@ +#!/usr/bin/env sh + +set -e + +# Initialize Postgres. +if [ ! -f "/var/lib/postgresql/data/PG_VERSION" ]; then + # Create the prerequisite databases. + initdb -D /var/lib/postgresql/data + + # Start Postgres as a background process. + postgres -D /var/lib/postgresql/data & + POSTGRES_PID=$! + + # Wait for Postgres to start. + until pg_isready; do + sleep 1 + done + + # On first boot, set the password and then, create the database and tables required. + psql -U "$PGUSER" -d postgres -c "ALTER USER postgres WITH PASSWORD '$PGPASSWORD';" + psql -U "$PGUSER" -d postgres -c "CREATE DATABASE $PGDATABASE;" + psql -U "$PGUSER" -d $PGDATABASE </dev/null || true + + # Configure Postgres to listen on all network interfaces. + echo "listen_addresses = '*'" >>/var/lib/postgresql/data/postgresql.conf + + # Configure Postgres to authenticate every user of every database from every IP address using MD5. + echo "host all all 0.0.0.0/0 md5" >>/var/lib/postgresql/data/pg_hba.conf +fi + +# Start Postgres in the foreground. +exec postgres -D /var/lib/postgresql/data diff --git a/postgres/manage.sh b/postgres/manage.sh new file mode 100644 index 0000000..5fd21d4 --- /dev/null +++ b/postgres/manage.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +init() { + psql -U "$PGUSER" -d $PGDATABASE < dict: - return { - "api-key": EMASS_API_KEY, - "user-uid": EMASS_USER_UID, - "accept": "application/json", - "content-type": "application/json", - } - - -def _get(path: str, params: dict = None) -> dict: - url = f"{EMASS_BASE_URL}{path}" - response = httpx.get(url, headers=_headers(), params=params, timeout=30) - response.raise_for_status() - return response.json() - - -def _post(path: str, body: list) -> dict: - url = f"{EMASS_BASE_URL}{path}" - response = httpx.post(url, headers=_headers(), json=body, timeout=30) - response.raise_for_status() - return response.json() - - -def _put(path: str, body: list) -> dict: - url = f"{EMASS_BASE_URL}{path}" - response = httpx.put(url, headers=_headers(), json=body, timeout=30) - response.raise_for_status() - return response.json() - - -def _delete(path: str, body: list) -> dict: - url = f"{EMASS_BASE_URL}{path}" - response = httpx.request("DELETE", url, headers=_headers(), json=body, timeout=30) - response.raise_for_status() - return response.json() - -@mcp.tool(description="Test the connection to the eMASS API.") -def test_connection() -> dict: - return _get("/api") - -# Systems - -@mcp.tool(description="Get a list of all systems the user has access to in eMASS.") -def get_systems( - include_decommissioned: bool = False, - policy: str = None, -) -> dict: - params = {"includeDecommissioned": include_decommissioned} - if policy: - params["policy"] = policy - return _get("/api/systems", params=params) - - -@mcp.tool(description="Get details for a specific eMASS system by its system ID.") -def get_system(system_id: int) -> dict: - return _get(f"/api/systems/{system_id}") - -# Controls - -@mcp.tool(description="Get security controls for a system. Optionally filter by control acronyms (comma-separated, e.g. 'AC-1,AC-2').") -def get_controls(system_id: int, acronyms: str = None) -> dict: - params = {} - if acronyms: - params["acronyms"] = acronyms - return _get(f"/api/systems/{system_id}/controls", params=params) - - -@mcp.tool(description=( - "Update one or more security controls for a system. " - "Each item requires: acronym, responsibleEntities, controlDesignation, " - "estimatedCompletionDate (epoch int), implementationNarrative. " - "Pass a list of control objects as `controls`." -)) -def update_controls(system_id: int, controls: list[dict]) -> dict: - return _put(f"/api/systems/{system_id}/controls", controls) - -# Test Results - -@mcp.tool(description="Get test results for a system. Optionally filter by control acronyms or CCIs.") -def get_test_results( - system_id: int, - control_acronyms: str = None, - ccis: str = None, - latest_only: bool = True, -) -> dict: - params = {"latestOnly": latest_only} - if control_acronyms: - params["controlAcronyms"] = control_acronyms - if ccis: - params["ccis"] = ccis - return _get(f"/api/systems/{system_id}/test-results", params=params) - - -@mcp.tool(description=( - "Add one or more test results to a system. " - "Each item requires: testedBy (str), testDate (epoch int), description (str), " - "complianceStatus (str), assessmentProcedure (str). " - "Pass a list of test result objects as `results`." -)) -def add_test_results(system_id: int, results: list[dict]) -> dict: - return _post(f"/api/systems/{system_id}/test-results", results) - -# POA&Ms - -@mcp.tool(description="Get POA&M items for a system. Optionally filter by control acronyms or date range (epoch seconds).") -def get_poams( - system_id: int, - control_acronyms: str = None, - scheduled_completion_date_start: int = None, - scheduled_completion_date_end: int = None, -) -> dict: - params = {} - if control_acronyms: - params["controlAcronyms"] = control_acronyms - if scheduled_completion_date_start: - params["scheduledCompletionDateStart"] = scheduled_completion_date_start - if scheduled_completion_date_end: - params["scheduledCompletionDateEnd"] = scheduled_completion_date_end - return _get(f"/api/systems/{system_id}/poams", params=params) - - -@mcp.tool(description=( - "Add one or more POA&M items to a system. " - "Each item requires: status, vulnerabilityDescription, sourceIdentifyingVulnerability, " - "pocOrganization, resources. " - "Conditional fields (include when applicable): scheduledCompletionDate (epoch int), " - "completionDate (epoch int), comments, severity, pocFirstName, pocLastName, " - "pocEmail, pocPhoneNumber. " - "Pass a list of POA&M objects as `poams`." -)) -def add_poams(system_id: int, poams: list[dict]) -> dict: - return _post(f"/api/systems/{system_id}/poams", poams) - - -@mcp.tool(description=( - "Update one or more existing POA&M items in a system. " - "Each item requires: poamId, displayPoamId, status, vulnerabilityDescription, " - "sourceIdentifyingVulnerability, pocOrganization, resources. " - "Pass a list of POA&M objects as `poams`." -)) -def update_poams(system_id: int, poams: list[dict]) -> dict: - return _put(f"/api/systems/{system_id}/poams", poams) - - -@mcp.tool(description=( - "Delete one or more POA&M items from a system. " - "Pass a list of objects each containing a single `poamId` (int) as `poam_ids`. " - "Example: [{'poamId': 45}, {'poamId': 46}]" -)) -def delete_poams(system_id: int, poam_ids: list[dict]) -> dict: - return _delete(f"/api/systems/{system_id}/poams", poam_ids) - -def _serper_search(query: str, num_results: int = 10) -> dict: - response = httpx.post( - "https://google.serper.dev/search", - headers={"X-API-KEY": SERPER_API_KEY, "content-type": "application/json"}, - json={"q": query, "num": num_results}, - timeout=30, - ) - response.raise_for_status() - return response.json() - -@mcp.tool(description="Search the web using Google (via Serper). Returns organic results, knowledge graph, and answer box when available.") -def web_search(query: str, num_results: int = 10) -> dict: - return _serper_search(query, num_results) - -if __name__ == "__main__": - mcp.run(transport="sse") \ No newline at end of file