assessment_results
trestle.oscal.assessment_results
¤
Classes¤
Activity (OscalBaseModel)
pydantic-model
¤
Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.
Source code in trestle/oscal/assessment_results.py
class Activity(OscalBaseModel):
"""
Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Assessment Activity Universally Unique Identifier',
)
title: Optional[str] = Field(
None,
description='The title for this included activity.',
title='Included Activity Title',
)
description: str = Field(
...,
description='A human-readable description of this included activity.',
title='Included Activity Description',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
steps: Optional[List[Step]] = Field(None)
related_controls: Optional[ReviewedControls] = Field(None, alias='related-controls')
responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
remarks: Optional[str] = None
Attributes¤
description: str
pydantic-field
required
¤
A human-readable description of this included activity.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
related_controls: ReviewedControls
pydantic-field
¤
remarks: str
pydantic-field
¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole]
pydantic-field
¤
steps: List[trestle.oscal.assessment_results.Step]
pydantic-field
¤
title: str
pydantic-field
¤
The title for this included activity.
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
AssessmentAssets (OscalBaseModel)
pydantic-model
¤
Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.
Source code in trestle/oscal/assessment_results.py
class AssessmentAssets(OscalBaseModel):
"""
Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.
"""
class Config:
extra = Extra.forbid
components: Optional[List[SystemComponent]] = Field(None)
assessment_platforms: List[common.AssessmentPlatform] = Field(..., alias='assessment-platforms')
AssessmentLog (OscalBaseModel)
pydantic-model
¤
A log of all assessment-related actions taken.
Source code in trestle/oscal/assessment_results.py
class AssessmentLog(OscalBaseModel):
"""
A log of all assessment-related actions taken.
"""
class Config:
extra = Extra.forbid
entries: List[Entry] = Field(...)
AssessmentResults (OscalBaseModel)
pydantic-model
¤
Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.
Source code in trestle/oscal/assessment_results.py
class AssessmentResults(OscalBaseModel):
"""
Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Assessment Results Universally Unique Identifier',
)
metadata: common.Metadata
import_ap: ImportAp = Field(..., alias='import-ap')
local_definitions: Optional[LocalDefinitions] = Field(
None,
alias='local-definitions',
description=
'Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.',
title='Local Definitions',
)
results: List[Result] = Field(...)
back_matter: Optional[common.BackMatter] = Field(None, alias='back-matter')
Attributes¤
back_matter: BackMatter
pydantic-field
¤
import_ap: ImportAp
pydantic-field
required
¤
local_definitions: LocalDefinitions
pydantic-field
¤
Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
metadata: Metadata
pydantic-field
required
¤
results: List[trestle.oscal.assessment_results.Result]
pydantic-field
required
¤
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
Attestation (OscalBaseModel)
pydantic-model
¤
A set of textual statements, typically written by the assessor.
Source code in trestle/oscal/assessment_results.py
class Attestation(OscalBaseModel):
"""
A set of textual statements, typically written by the assessor.
"""
class Config:
extra = Extra.forbid
responsible_parties: Optional[List[common.ResponsibleParty]] = Field(None, alias='responsible-parties')
parts: List[common.AssessmentPart] = Field(...)
Characterization (OscalBaseModel)
pydantic-model
¤
A collection of descriptive data about the containing object from a specific origin.
Source code in trestle/oscal/assessment_results.py
class Characterization(OscalBaseModel):
"""
A collection of descriptive data about the containing object from a specific origin.
"""
class Config:
extra = Extra.forbid
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
origin: Origin
facets: List[common.Facet] = Field(...)
facets: List[trestle.oscal.common.Facet]
pydantic-field
required
¤
links: List[trestle.oscal.common.Link]
pydantic-field
¤
origin: Origin
pydantic-field
required
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
ControlSelection (OscalBaseModel)
pydantic-model
¤
Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.
Source code in trestle/oscal/assessment_results.py
class ControlSelection(OscalBaseModel):
"""
Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.
"""
class Config:
extra = Extra.forbid
description: Optional[str] = Field(
None,
description='A human-readable description of in-scope controls specified for assessment.',
title='Assessed Controls Description',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
include_all: Optional[common.IncludeAll] = Field(None, alias='include-all')
include_controls: Optional[List[SelectControlById]] = Field(None, alias='include-controls')
exclude_controls: Optional[List[SelectControlById]] = Field(None, alias='exclude-controls')
remarks: Optional[str] = None
Attributes¤
description: str
pydantic-field
¤
A human-readable description of in-scope controls specified for assessment.
exclude_controls: List[trestle.oscal.assessment_results.SelectControlById]
pydantic-field
¤
include_all: IncludeAll
pydantic-field
¤
include_controls: List[trestle.oscal.assessment_results.SelectControlById]
pydantic-field
¤
links: List[trestle.oscal.common.Link]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
remarks: str
pydantic-field
¤
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
Entry (OscalBaseModel)
pydantic-model
¤
Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.
Source code in trestle/oscal/assessment_results.py
class Entry(OscalBaseModel):
"""
Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Assessment Log Entry Universally Unique Identifier',
)
title: Optional[str] = Field(None, description='The title for this event.', title='Action Title')
description: Optional[str] = Field(
None,
description='A human-readable description of this event.',
title='Action Description',
)
start: datetime = Field(
...,
description='Identifies the start date and time of an event.',
title='Start',
)
end: Optional[datetime] = Field(
None,
description=
'Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.',
title='End',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
logged_by: Optional[List[common.LoggedBy]] = Field(None, alias='logged-by')
related_tasks: Optional[List[common.RelatedTask]] = Field(None, alias='related-tasks')
remarks: Optional[str] = None
Attributes¤
description: str
pydantic-field
¤
A human-readable description of this event.
end: datetime
pydantic-field
¤
Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
logged_by: List[trestle.oscal.common.LoggedBy]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
related_tasks: List[trestle.oscal.common.RelatedTask]
pydantic-field
¤
remarks: str
pydantic-field
¤
start: datetime
pydantic-field
required
¤
Identifies the start date and time of an event.
title: str
pydantic-field
¤
The title for this event.
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
Entry1 (OscalBaseModel)
pydantic-model
¤
Identifies an individual risk response that occurred as part of managing an identified risk.
Source code in trestle/oscal/assessment_results.py
class Entry1(OscalBaseModel):
"""
Identifies an individual risk response that occurred as part of managing an identified risk.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Risk Log Entry Universally Unique Identifier',
)
title: Optional[str] = Field(None, description='The title for this risk log entry.', title='Title')
description: Optional[str] = Field(
None,
description='A human-readable description of what was done regarding the risk.',
title='Risk Task Description',
)
start: datetime = Field(
...,
description='Identifies the start date and time of the event.',
title='Start',
)
end: Optional[datetime] = Field(
None,
description=
'Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.',
title='End',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
logged_by: Optional[List[common.LoggedBy]] = Field(None, alias='logged-by')
status_change: Optional[constr(
regex=
r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
)] = Field(
None, alias='status-change'
)
related_responses: Optional[List[common.RelatedResponse]] = Field(None, alias='related-responses')
remarks: Optional[str] = None
Attributes¤
description: str
pydantic-field
¤
A human-readable description of what was done regarding the risk.
end: datetime
pydantic-field
¤
Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
logged_by: List[trestle.oscal.common.LoggedBy]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
related_responses: List[trestle.oscal.common.RelatedResponse]
pydantic-field
¤
remarks: str
pydantic-field
¤
start: datetime
pydantic-field
required
¤
Identifies the start date and time of the event.
status_change: ConstrainedStrValue
pydantic-field
¤
title: str
pydantic-field
¤
The title for this risk log entry.
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
Finding (OscalBaseModel)
pydantic-model
¤
Describes an individual finding.
Source code in trestle/oscal/assessment_results.py
class Finding(OscalBaseModel):
"""
Describes an individual finding.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Finding Universally Unique Identifier',
)
title: str = Field(..., description='The title for this finding.', title='Finding Title')
description: str = Field(
...,
description='A human-readable description of this finding.',
title='Finding Description',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
origins: Optional[List[Origin]] = Field(None)
target: FindingTarget
implementation_statement_uuid: Optional[constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
)] = Field(
None,
alias='implementation-statement-uuid',
description=
'A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.',
title='Implementation Statement UUID',
)
related_observations: Optional[List[RelatedObservation]] = Field(None, alias='related-observations')
related_risks: Optional[List[common.RelatedRisk]] = Field(None, alias='related-risks')
remarks: Optional[str] = None
Attributes¤
description: str
pydantic-field
required
¤
A human-readable description of this finding.
implementation_statement_uuid: ConstrainedStrValue
pydantic-field
¤
A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
origins: List[trestle.oscal.assessment_results.Origin]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
related_observations: List[trestle.oscal.assessment_results.RelatedObservation]
pydantic-field
¤
related_risks: List[trestle.oscal.common.RelatedRisk]
pydantic-field
¤
remarks: str
pydantic-field
¤
target: FindingTarget
pydantic-field
required
¤
title: str
pydantic-field
required
¤
The title for this finding.
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
FindingTarget (OscalBaseModel)
pydantic-model
¤
Captures an assessor's conclusions regarding the degree to which an objective is satisfied.
Source code in trestle/oscal/assessment_results.py
class FindingTarget(OscalBaseModel):
"""
Captures an assessor's conclusions regarding the degree to which an objective is satisfied.
"""
class Config:
extra = Extra.forbid
type: common.Type1 = Field(
...,
description='Identifies the type of the target.',
title='Finding Target Type',
)
target_id: constr(
regex=
r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
) = Field(
...,
alias='target-id',
description='A machine-oriented identifier reference for a specific target qualified by the type.',
title='Finding Target Identifier Reference',
)
title: Optional[str] = Field(
None,
description='The title for this objective status.',
title='Objective Status Title',
)
description: Optional[str] = Field(
None,
description=
"A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.",
title='Objective Status Description',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
status: Status = Field(
...,
description='A determination of if the objective is satisfied or not within a given system.',
title='Objective Status',
)
implementation_status: Optional[common.ImplementationStatus] = Field(None, alias='implementation-status')
remarks: Optional[str] = None
Attributes¤
description: str
pydantic-field
¤
A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.
implementation_status: ImplementationStatus
pydantic-field
¤
links: List[trestle.oscal.common.Link]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
remarks: str
pydantic-field
¤
status: Status
pydantic-field
required
¤
A determination of if the objective is satisfied or not within a given system.
target_id: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented identifier reference for a specific target qualified by the type.
title: str
pydantic-field
¤
The title for this objective status.
type: Type1
pydantic-field
required
¤
Identifies the type of the target.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
ImportAp (OscalBaseModel)
pydantic-model
¤
Used by assessment-results to import information about the original plan for assessing the system.
Source code in trestle/oscal/assessment_results.py
class ImportAp(OscalBaseModel):
"""
Used by assessment-results to import information about the original plan for assessing the system.
"""
class Config:
extra = Extra.forbid
href: str = Field(
...,
description='A resolvable URL reference to the assessment plan governing the assessment activities.',
title='Assessment Plan Reference',
)
remarks: Optional[str] = None
LocalDefinitions (OscalBaseModel)
pydantic-model
¤
Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
Source code in trestle/oscal/assessment_results.py
class LocalDefinitions(OscalBaseModel):
"""
Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
"""
class Config:
extra = Extra.forbid
objectives_and_methods: Optional[List[common.LocalObjective]] = Field(None, alias='objectives-and-methods')
activities: Optional[List[Activity]] = Field(None)
remarks: Optional[str] = None
LocalDefinitions1 (OscalBaseModel)
pydantic-model
¤
Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
Source code in trestle/oscal/assessment_results.py
class LocalDefinitions1(OscalBaseModel):
"""
Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
"""
class Config:
extra = Extra.forbid
components: Optional[List[SystemComponent]] = Field(None)
inventory_items: Optional[List[common.InventoryItem]] = Field(None, alias='inventory-items')
users: Optional[List[common.SystemUser]] = Field(None)
assessment_assets: Optional[AssessmentAssets] = Field(None, alias='assessment-assets')
tasks: Optional[List[common.Task]] = Field(None)
assessment_assets: AssessmentAssets
pydantic-field
¤
components: List[trestle.oscal.assessment_results.SystemComponent]
pydantic-field
¤
inventory_items: List[trestle.oscal.common.InventoryItem]
pydantic-field
¤
tasks: List[trestle.oscal.common.Task]
pydantic-field
¤
users: List[trestle.oscal.common.SystemUser]
pydantic-field
¤
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
Method (OscalBaseModel)
pydantic-model
¤
Source code in trestle/oscal/assessment_results.py
class Method(OscalBaseModel):
__root__: constr(regex=r'^\S(.*\S)?$') = Field(
...,
description='Identifies how the observation was made.',
title='Observation Method',
)
Model (OscalBaseModel)
pydantic-model
¤
Source code in trestle/oscal/assessment_results.py
class Model(OscalBaseModel):
assessment_results: AssessmentResults = Field(..., alias='assessment-results')
assessment_results: AssessmentResults
pydantic-field
required
¤
Observation (OscalBaseModel)
pydantic-model
¤
Describes an individual observation.
Source code in trestle/oscal/assessment_results.py
class Observation(OscalBaseModel):
"""
Describes an individual observation.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Observation Universally Unique Identifier',
)
title: Optional[str] = Field(None, description='The title for this observation.', title='Observation Title')
description: str = Field(
...,
description='A human-readable description of this assessment observation.',
title='Observation Description',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
methods: List[Method] = Field(...)
types: Optional[List[constr(
regex=
r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
)]] = Field(None)
origins: Optional[List[Origin]] = Field(None)
subjects: Optional[List[common.SubjectReference]] = Field(None)
relevant_evidence: Optional[List[common.RelevantEvidence]] = Field(None, alias='relevant-evidence')
collected: datetime = Field(
...,
description='Date/time stamp identifying when the finding information was collected.',
title='Collected Field',
)
expires: Optional[datetime] = Field(
None,
description=
'Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.',
title='Expires Field',
)
remarks: Optional[str] = None
Attributes¤
collected: datetime
pydantic-field
required
¤
Date/time stamp identifying when the finding information was collected.
description: str
pydantic-field
required
¤
A human-readable description of this assessment observation.
expires: datetime
pydantic-field
¤
Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
methods: List[trestle.oscal.assessment_results.Method]
pydantic-field
required
¤
origins: List[trestle.oscal.assessment_results.Origin]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
relevant_evidence: List[trestle.oscal.common.RelevantEvidence]
pydantic-field
¤
remarks: str
pydantic-field
¤
subjects: List[trestle.oscal.common.SubjectReference]
pydantic-field
¤
title: str
pydantic-field
¤
The title for this observation.
types: List[trestle.oscal.assessment_results.ConstrainedStrValue]
pydantic-field
¤
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
Origin (OscalBaseModel)
pydantic-model
¤
Identifies the source of the finding, such as a tool, interviewed person, or activity.
Source code in trestle/oscal/assessment_results.py
class Origin(OscalBaseModel):
"""
Identifies the source of the finding, such as a tool, interviewed person, or activity.
"""
class Config:
extra = Extra.forbid
actors: List[common.OriginActor] = Field(...)
related_tasks: Optional[List[common.RelatedTask]] = Field(None, alias='related-tasks')
RelatedObservation (OscalBaseModel)
pydantic-model
¤
Relates the finding to a set of referenced observations that were used to determine the finding.
Source code in trestle/oscal/assessment_results.py
class RelatedObservation(OscalBaseModel):
"""
Relates the finding to a set of referenced observations that were used to determine the finding.
"""
class Config:
extra = Extra.forbid
observation_uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
alias='observation-uuid',
description='A machine-oriented identifier reference to an observation defined in the list of observations.',
title='Observation Universally Unique Identifier Reference',
)
Response (OscalBaseModel)
pydantic-model
¤
Describes either recommended or an actual plan for addressing the risk.
Source code in trestle/oscal/assessment_results.py
class Response(OscalBaseModel):
"""
Describes either recommended or an actual plan for addressing the risk.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Remediation Universally Unique Identifier',
)
lifecycle: constr(
regex=
r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
) = Field(
...,
description=
'Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.',
title='Remediation Intent',
)
title: str = Field(..., description='The title for this response activity.', title='Response Title')
description: str = Field(
...,
description='A human-readable description of this response plan.',
title='Response Description',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
origins: Optional[List[Origin]] = Field(None)
required_assets: Optional[List[common.RequiredAsset]] = Field(None, alias='required-assets')
tasks: Optional[List[common.Task]] = Field(None)
remarks: Optional[str] = None
Attributes¤
description: str
pydantic-field
required
¤
A human-readable description of this response plan.
lifecycle: ConstrainedStrValue
pydantic-field
required
¤
Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
origins: List[trestle.oscal.assessment_results.Origin]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
remarks: str
pydantic-field
¤
required_assets: List[trestle.oscal.common.RequiredAsset]
pydantic-field
¤
tasks: List[trestle.oscal.common.Task]
pydantic-field
¤
title: str
pydantic-field
required
¤
The title for this response activity.
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
Result (OscalBaseModel)
pydantic-model
¤
Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.
Source code in trestle/oscal/assessment_results.py
class Result(OscalBaseModel):
"""
Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Results Universally Unique Identifier',
)
title: str = Field(..., description='The title for this set of results.', title='Results Title')
description: str = Field(
...,
description='A human-readable description of this set of test results.',
title='Results Description',
)
start: datetime = Field(
...,
description='Date/time stamp identifying the start of the evidence collection reflected in these results.',
title='start field',
)
end: Optional[datetime] = Field(
None,
description=
'Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.',
title='end field',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
local_definitions: Optional[LocalDefinitions1] = Field(
None,
alias='local-definitions',
description=
'Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.',
title='Local Definitions',
)
reviewed_controls: ReviewedControls = Field(..., alias='reviewed-controls')
attestations: Optional[List[Attestation]] = Field(None)
assessment_log: Optional[AssessmentLog] = Field(
None,
alias='assessment-log',
description='A log of all assessment-related actions taken.',
title='Assessment Log',
)
observations: Optional[List[Observation]] = Field(None)
risks: Optional[List[Risk]] = Field(None)
findings: Optional[List[Finding]] = Field(None)
remarks: Optional[str] = None
Attributes¤
assessment_log: AssessmentLog
pydantic-field
¤
A log of all assessment-related actions taken.
attestations: List[trestle.oscal.assessment_results.Attestation]
pydantic-field
¤
description: str
pydantic-field
required
¤
A human-readable description of this set of test results.
end: datetime
pydantic-field
¤
Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.
findings: List[trestle.oscal.assessment_results.Finding]
pydantic-field
¤
links: List[trestle.oscal.common.Link]
pydantic-field
¤
local_definitions: LocalDefinitions1
pydantic-field
¤
Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
observations: List[trestle.oscal.assessment_results.Observation]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
remarks: str
pydantic-field
¤
reviewed_controls: ReviewedControls
pydantic-field
required
¤
risks: List[trestle.oscal.assessment_results.Risk]
pydantic-field
¤
start: datetime
pydantic-field
required
¤
Date/time stamp identifying the start of the evidence collection reflected in these results.
title: str
pydantic-field
required
¤
The title for this set of results.
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
ReviewedControls (OscalBaseModel)
pydantic-model
¤
Identifies the controls being assessed and their control objectives.
Source code in trestle/oscal/assessment_results.py
class ReviewedControls(OscalBaseModel):
"""
Identifies the controls being assessed and their control objectives.
"""
class Config:
extra = Extra.forbid
description: Optional[str] = Field(
None,
description='A human-readable description of control objectives.',
title='Control Objective Description',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
control_selections: List[ControlSelection] = Field(..., alias='control-selections')
control_objective_selections: Optional[List[common.ControlObjectiveSelection]] = Field(
None, alias='control-objective-selections'
)
remarks: Optional[str] = None
Attributes¤
control_objective_selections: List[trestle.oscal.common.ControlObjectiveSelection]
pydantic-field
¤
control_selections: List[trestle.oscal.assessment_results.ControlSelection]
pydantic-field
required
¤
description: str
pydantic-field
¤
A human-readable description of control objectives.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
remarks: str
pydantic-field
¤
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
Risk (OscalBaseModel)
pydantic-model
¤
An identified risk.
Source code in trestle/oscal/assessment_results.py
class Risk(OscalBaseModel):
"""
An identified risk.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Risk Universally Unique Identifier',
)
title: str = Field(..., description='The title for this risk.', title='Risk Title')
description: str = Field(
...,
description=
'A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.',
title='Risk Description',
)
statement: str = Field(
...,
description='An summary of impact for how the risk affects the system.',
title='Risk Statement',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
status: constr(
regex=
r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
)
origins: Optional[List[Origin]] = Field(None)
threat_ids: Optional[List[common.ThreatId]] = Field(None, alias='threat-ids')
characterizations: Optional[List[Characterization]] = Field(None)
mitigating_factors: Optional[List[common.MitigatingFactor]] = Field(None, alias='mitigating-factors')
deadline: Optional[datetime] = Field(
None,
description='The date/time by which the risk must be resolved.',
title='Risk Resolution Deadline',
)
remediations: Optional[List[Response]] = Field(None)
risk_log: Optional[RiskLog] = Field(
None,
alias='risk-log',
description='A log of all risk-related tasks taken.',
title='Risk Log',
)
related_observations: Optional[List[RelatedObservation]] = Field(None, alias='related-observations')
Attributes¤
characterizations: List[trestle.oscal.assessment_results.Characterization]
pydantic-field
¤
deadline: datetime
pydantic-field
¤
The date/time by which the risk must be resolved.
description: str
pydantic-field
required
¤
A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
mitigating_factors: List[trestle.oscal.common.MitigatingFactor]
pydantic-field
¤
origins: List[trestle.oscal.assessment_results.Origin]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
related_observations: List[trestle.oscal.assessment_results.RelatedObservation]
pydantic-field
¤
remediations: List[trestle.oscal.assessment_results.Response]
pydantic-field
¤
risk_log: RiskLog
pydantic-field
¤
A log of all risk-related tasks taken.
statement: str
pydantic-field
required
¤
An summary of impact for how the risk affects the system.
status: ConstrainedStrValue
pydantic-field
required
¤
threat_ids: List[trestle.oscal.common.ThreatId]
pydantic-field
¤
title: str
pydantic-field
required
¤
The title for this risk.
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
RiskLog (OscalBaseModel)
pydantic-model
¤
A log of all risk-related tasks taken.
Source code in trestle/oscal/assessment_results.py
class RiskLog(OscalBaseModel):
"""
A log of all risk-related tasks taken.
"""
class Config:
extra = Extra.forbid
entries: List[Entry1] = Field(...)
SelectControlById (OscalBaseModel)
pydantic-model
¤
Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.
Source code in trestle/oscal/assessment_results.py
class SelectControlById(OscalBaseModel):
"""
Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.
"""
class Config:
extra = Extra.forbid
control_id: constr(
regex=
r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
) = Field(
...,
alias='control-id',
description=
'A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).',
title='Control Identifier Reference',
)
statement_ids: Optional[List[constr(
regex=
r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
)]] = Field(
None, alias='statement-ids'
)
Attributes¤
control_id: ConstrainedStrValue
pydantic-field
required
¤
A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).
statement_ids: List[trestle.oscal.assessment_results.ConstrainedStrValue]
pydantic-field
¤
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
State (Enum)
¤
State1 (Enum)
¤
Status (OscalBaseModel)
pydantic-model
¤
A determination of if the objective is satisfied or not within a given system.
Source code in trestle/oscal/assessment_results.py
class Status(OscalBaseModel):
"""
A determination of if the objective is satisfied or not within a given system.
"""
class Config:
extra = Extra.forbid
state: State = Field(
...,
description='An indication as to whether the objective is satisfied or not.',
title='Objective Status State',
)
reason: Optional[constr(
regex=
r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
)] = Field(
None,
description="The reason the objective was given it's status.",
title='Objective Status Reason',
)
remarks: Optional[str] = None
Attributes¤
reason: ConstrainedStrValue
pydantic-field
¤
The reason the objective was given it's status.
remarks: str
pydantic-field
¤
state: State
pydantic-field
required
¤
An indication as to whether the objective is satisfied or not.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
Status1 (OscalBaseModel)
pydantic-model
¤
Describes the operational status of the system component.
Source code in trestle/oscal/assessment_results.py
class Status1(OscalBaseModel):
"""
Describes the operational status of the system component.
"""
class Config:
extra = Extra.forbid
state: State1 = Field(..., description='The operational status.', title='State')
remarks: Optional[str] = None
Step (OscalBaseModel)
pydantic-model
¤
Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.
Source code in trestle/oscal/assessment_results.py
class Step(OscalBaseModel):
"""
Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Step Universally Unique Identifier',
)
title: Optional[str] = Field(None, description='The title for this step.', title='Step Title')
description: str = Field(
...,
description='A human-readable description of this step.',
title='Step Description',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
reviewed_controls: Optional[ReviewedControls] = Field(None, alias='reviewed-controls')
responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
remarks: Optional[str] = None
Attributes¤
description: str
pydantic-field
required
¤
A human-readable description of this step.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
remarks: str
pydantic-field
¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole]
pydantic-field
¤
reviewed_controls: ReviewedControls
pydantic-field
¤
title: str
pydantic-field
¤
The title for this step.
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
SystemComponent (OscalBaseModel)
pydantic-model
¤
A defined component that can be part of an implemented system.
Source code in trestle/oscal/assessment_results.py
class SystemComponent(OscalBaseModel):
"""
A defined component that can be part of an implemented system.
"""
class Config:
extra = Extra.forbid
uuid: constr(
regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
) = Field(
...,
description=
'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
title='Component Identifier',
)
type: constr(regex=r'^\S(.*\S)?$') = Field(
...,
description='A category describing the purpose of the component.',
title='Component Type',
)
title: str = Field(
...,
description='A human readable name for the system component.',
title='Component Title',
)
description: str = Field(
...,
description='A description of the component, including information about its function.',
title='Component Description',
)
purpose: Optional[str] = Field(
None,
description='A summary of the technological or business purpose of the component.',
title='Purpose',
)
props: Optional[List[common.Property]] = Field(None)
links: Optional[List[common.Link]] = Field(None)
status: Status1 = Field(
...,
description='Describes the operational status of the system component.',
title='Status',
)
responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
protocols: Optional[List[common.Protocol]] = Field(None)
remarks: Optional[str] = None
Attributes¤
description: str
pydantic-field
required
¤
A description of the component, including information about its function.
links: List[trestle.oscal.common.Link]
pydantic-field
¤
props: List[trestle.oscal.common.Property]
pydantic-field
¤
protocols: List[trestle.oscal.common.Protocol]
pydantic-field
¤
purpose: str
pydantic-field
¤
A summary of the technological or business purpose of the component.
remarks: str
pydantic-field
¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole]
pydantic-field
¤
status: Status1
pydantic-field
required
¤
Describes the operational status of the system component.
title: str
pydantic-field
required
¤
A human readable name for the system component.
type: ConstrainedStrValue
pydantic-field
required
¤
A category describing the purpose of the component.
uuid: ConstrainedStrValue
pydantic-field
required
¤
A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.
Config
¤
Source code in trestle/oscal/assessment_results.py
class Config:
extra = Extra.forbid
handler: python