Skip to content

assessment_results

trestle.oscal.assessment_results ¤

Classes¤

Activity (OscalBaseModel) pydantic-model ¤

Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.

Source code in trestle/oscal/assessment_results.py
class Activity(OscalBaseModel):
    """
    Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Assessment Activity Universally Unique Identifier',
    )
    title: Optional[str] = Field(
        None,
        description='The title for this included activity.',
        title='Included Activity Title',
    )
    description: str = Field(
        ...,
        description='A human-readable description of this included activity.',
        title='Included Activity Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    steps: Optional[List[Step]] = Field(None)
    related_controls: Optional[ReviewedControls] = Field(None, alias='related-controls')
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

A human-readable description of this included activity.

props: List[trestle.oscal.common.Property] pydantic-field ¤
related_controls: ReviewedControls pydantic-field ¤
remarks: Remarks pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
steps: List[trestle.oscal.assessment_results.Step] pydantic-field ¤
title: str pydantic-field ¤

The title for this included activity.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

AssessmentAssets (OscalBaseModel) pydantic-model ¤

Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.

Source code in trestle/oscal/assessment_results.py
class AssessmentAssets(OscalBaseModel):
    """
    Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.
    """

    class Config:
        extra = Extra.forbid

    components: Optional[List[SystemComponent]] = Field(None)
    assessment_platforms: List[common.AssessmentPlatform] = Field(..., alias='assessment-platforms')
assessment_platforms: List[trestle.oscal.common.AssessmentPlatform] pydantic-field required ¤
components: List[trestle.oscal.assessment_results.SystemComponent] pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

AssessmentLog (OscalBaseModel) pydantic-model ¤

A log of all assessment-related actions taken.

Source code in trestle/oscal/assessment_results.py
class AssessmentLog(OscalBaseModel):
    """
    A log of all assessment-related actions taken.
    """

    class Config:
        extra = Extra.forbid

    entries: List[Entry] = Field(...)
entries: List[trestle.oscal.assessment_results.Entry] pydantic-field required ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

AssessmentResults (OscalBaseModel) pydantic-model ¤

Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.

Source code in trestle/oscal/assessment_results.py
class AssessmentResults(OscalBaseModel):
    """
    Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Assessment Results Universally Unique Identifier',
    )
    metadata: common.Metadata
    import_ap: ImportAp = Field(..., alias='import-ap')
    local_definitions: Optional[LocalDefinitions] = Field(
        None,
        alias='local-definitions',
        description=
        'Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.',
        title='Local Definitions',
    )
    results: List[Result] = Field(...)
    back_matter: Optional[common.BackMatter] = Field(None, alias='back-matter')
Attributes¤
back_matter: BackMatter pydantic-field ¤
import_ap: ImportAp pydantic-field required ¤
local_definitions: LocalDefinitions pydantic-field ¤

Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.

metadata: Metadata pydantic-field required ¤
results: List[trestle.oscal.assessment_results.Result] pydantic-field required ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Attestation (OscalBaseModel) pydantic-model ¤

A set of textual statements, typically written by the assessor.

Source code in trestle/oscal/assessment_results.py
class Attestation(OscalBaseModel):
    """
    A set of textual statements, typically written by the assessor.
    """

    class Config:
        extra = Extra.forbid

    responsible_parties: Optional[List[common.ResponsibleParty]] = Field(None, alias='responsible-parties')
    parts: List[common.AssessmentPart] = Field(...)
parts: List[trestle.oscal.common.AssessmentPart] pydantic-field required ¤
responsible_parties: List[trestle.oscal.common.ResponsibleParty] pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Characterization (OscalBaseModel) pydantic-model ¤

A collection of descriptive data about the containing object from a specific origin.

Source code in trestle/oscal/assessment_results.py
class Characterization(OscalBaseModel):
    """
    A collection of descriptive data about the containing object from a specific origin.
    """

    class Config:
        extra = Extra.forbid

    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    origin: Origin
    facets: List[common.Facet] = Field(...)
facets: List[trestle.oscal.common.Facet] pydantic-field required ¤
origin: Origin pydantic-field required ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

ControlSelection (OscalBaseModel) pydantic-model ¤

Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.

Source code in trestle/oscal/assessment_results.py
class ControlSelection(OscalBaseModel):
    """
    Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.
    """

    class Config:
        extra = Extra.forbid

    description: Optional[str] = Field(
        None,
        description='A human-readable description of in-scope controls specified for assessment.',
        title='Assessed Controls Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    include_all: Optional[common.IncludeAll] = Field(None, alias='include-all')
    include_controls: Optional[List[SelectControlById]] = Field(None, alias='include-controls')
    exclude_controls: Optional[List[SelectControlById]] = Field(None, alias='exclude-controls')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field ¤

A human-readable description of in-scope controls specified for assessment.

exclude_controls: List[trestle.oscal.assessment_results.SelectControlById] pydantic-field ¤
include_all: IncludeAll pydantic-field ¤
include_controls: List[trestle.oscal.assessment_results.SelectControlById] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Entry (OscalBaseModel) pydantic-model ¤

Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.

Source code in trestle/oscal/assessment_results.py
class Entry(OscalBaseModel):
    """
    Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Assessment Log Entry Universally Unique Identifier',
    )
    title: Optional[str] = Field(None, description='The title for this event.', title='Action Title')
    description: Optional[str] = Field(
        None,
        description='A human-readable description of this event.',
        title='Action Description',
    )
    start: datetime = Field(
        ...,
        description='Identifies the start date and time of an event.',
        title='Start',
    )
    end: Optional[datetime] = Field(
        None,
        description=
        'Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.',
        title='End',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    logged_by: Optional[List[common.LoggedBy]] = Field(None, alias='logged-by')
    related_tasks: Optional[List[common.RelatedTask]] = Field(None, alias='related-tasks')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field ¤

A human-readable description of this event.

end: datetime pydantic-field ¤

Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.

logged_by: List[trestle.oscal.common.LoggedBy] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
related_tasks: List[trestle.oscal.common.RelatedTask] pydantic-field ¤
remarks: Remarks pydantic-field ¤
start: datetime pydantic-field required ¤

Identifies the start date and time of an event.

title: str pydantic-field ¤

The title for this event.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Entry1 (OscalBaseModel) pydantic-model ¤

Identifies an individual risk response that occurred as part of managing an identified risk.

Source code in trestle/oscal/assessment_results.py
class Entry1(OscalBaseModel):
    """
    Identifies an individual risk response that occurred as part of managing an identified risk.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Risk Log Entry Universally Unique Identifier',
    )
    title: Optional[str] = Field(None, description='The title for this risk log entry.', title='Title')
    description: Optional[str] = Field(
        None,
        description='A human-readable description of what was done regarding the risk.',
        title='Risk Task Description',
    )
    start: datetime = Field(
        ...,
        description='Identifies the start date and time of the event.',
        title='Start',
    )
    end: Optional[datetime] = Field(
        None,
        description=
        'Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.',
        title='End',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    logged_by: Optional[List[common.LoggedBy]] = Field(None, alias='logged-by')
    status_change: Optional[common.RiskStatus] = Field(None, alias='status-change')
    related_responses: Optional[List[common.RelatedResponse]] = Field(None, alias='related-responses')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field ¤

A human-readable description of what was done regarding the risk.

end: datetime pydantic-field ¤

Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.

logged_by: List[trestle.oscal.common.LoggedBy] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
related_responses: List[trestle.oscal.common.RelatedResponse] pydantic-field ¤
remarks: Remarks pydantic-field ¤
start: datetime pydantic-field required ¤

Identifies the start date and time of the event.

status_change: RiskStatus pydantic-field ¤
title: str pydantic-field ¤

The title for this risk log entry.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Finding (OscalBaseModel) pydantic-model ¤

Describes an individual finding.

Source code in trestle/oscal/assessment_results.py
class Finding(OscalBaseModel):
    """
    Describes an individual finding.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Finding Universally Unique Identifier',
    )
    title: str = Field(..., description='The title for this finding.', title='Finding Title')
    description: str = Field(
        ...,
        description='A human-readable description of this finding.',
        title='Finding Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    origins: Optional[List[Origin]] = Field(None)
    target: FindingTarget
    implementation_statement_uuid: Optional[constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    )] = Field(
        None,
        alias='implementation-statement-uuid',
        description=
        'A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.',
        title='Implementation Statement UUID',
    )
    related_observations: Optional[List[RelatedObservation]] = Field(None, alias='related-observations')
    related_risks: Optional[List[common.RelatedRisk]] = Field(None, alias='related-risks')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

A human-readable description of this finding.

implementation_statement_uuid: ConstrainedStrValue pydantic-field ¤

A machine-oriented identifier reference to the implementation statement in the SSP to which this finding is related.

origins: List[trestle.oscal.assessment_results.Origin] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
related_observations: List[trestle.oscal.assessment_results.RelatedObservation] pydantic-field ¤
related_risks: List[trestle.oscal.common.RelatedRisk] pydantic-field ¤
remarks: Remarks pydantic-field ¤
target: FindingTarget pydantic-field required ¤
title: str pydantic-field required ¤

The title for this finding.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this finding in this or other OSCAL instances. The locally defined UUID of the finding can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

FindingTarget (OscalBaseModel) pydantic-model ¤

Captures an assessor's conclusions regarding the degree to which an objective is satisfied.

Source code in trestle/oscal/assessment_results.py
class FindingTarget(OscalBaseModel):
    """
    Captures an assessor's conclusions regarding the degree to which an objective is satisfied.
    """

    class Config:
        extra = Extra.forbid

    type: common.Type1 = Field(
        ...,
        description='Identifies the type of the target.',
        title='Finding Target Type',
    )
    target_id: constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    ) = Field(
        ...,
        alias='target-id',
        description='A machine-oriented identifier reference for a specific target qualified by the type.',
        title='Finding Target Identifier Reference',
    )
    title: Optional[str] = Field(
        None,
        description='The title for this objective status.',
        title='Objective Status Title',
    )
    description: Optional[str] = Field(
        None,
        description=
        "A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.",
        title='Objective Status Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    status: Status = Field(
        ...,
        description='A determination of if the objective is satisfied or not within a given system.',
        title='Objective Status',
    )
    implementation_status: Optional[common.ImplementationStatus] = Field(None, alias='implementation-status')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field ¤

A human-readable description of the assessor's conclusions regarding the degree to which an objective is satisfied.

implementation_status: ImplementationStatus pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
status: Status pydantic-field required ¤

A determination of if the objective is satisfied or not within a given system.

target_id: ConstrainedStrValue pydantic-field required ¤

A machine-oriented identifier reference for a specific target qualified by the type.

title: str pydantic-field ¤

The title for this objective status.

type: Type1 pydantic-field required ¤

Identifies the type of the target.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

ImportAp (OscalBaseModel) pydantic-model ¤

Used by assessment-results to import information about the original plan for assessing the system.

Source code in trestle/oscal/assessment_results.py
class ImportAp(OscalBaseModel):
    """
    Used by assessment-results to import information about the original plan for assessing the system.
    """

    class Config:
        extra = Extra.forbid

    href: str = Field(
        ...,
        description='A resolvable URL reference to the assessment plan governing the assessment activities.',
        title='Assessment Plan Reference',
    )
    remarks: Optional[common.Remarks] = None
Attributes¤
href: str pydantic-field required ¤

A resolvable URL reference to the assessment plan governing the assessment activities.

remarks: Remarks pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

LocalDefinitions (OscalBaseModel) pydantic-model ¤

Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.

Source code in trestle/oscal/assessment_results.py
class LocalDefinitions(OscalBaseModel):
    """
    Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
    """

    class Config:
        extra = Extra.forbid

    objectives_and_methods: Optional[List[common.LocalObjective]] = Field(None, alias='objectives-and-methods')
    activities: Optional[List[Activity]] = Field(None)
    remarks: Optional[common.Remarks] = None
activities: List[trestle.oscal.assessment_results.Activity] pydantic-field ¤
objectives_and_methods: List[trestle.oscal.common.LocalObjective] pydantic-field ¤
remarks: Remarks pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

LocalDefinitions1 (OscalBaseModel) pydantic-model ¤

Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.

Source code in trestle/oscal/assessment_results.py
class LocalDefinitions1(OscalBaseModel):
    """
    Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
    """

    class Config:
        extra = Extra.forbid

    components: Optional[List[SystemComponent]] = Field(None)
    inventory_items: Optional[List[common.InventoryItem]] = Field(None, alias='inventory-items')
    users: Optional[List[common.SystemUser]] = Field(None)
    assessment_assets: Optional[AssessmentAssets] = Field(None, alias='assessment-assets')
    tasks: Optional[List[common.Task]] = Field(None)
assessment_assets: AssessmentAssets pydantic-field ¤
components: List[trestle.oscal.assessment_results.SystemComponent] pydantic-field ¤
inventory_items: List[trestle.oscal.common.InventoryItem] pydantic-field ¤
tasks: List[trestle.oscal.common.Task] pydantic-field ¤
users: List[trestle.oscal.common.SystemUser] pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Method (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/assessment_results.py
class Method(OscalBaseModel):
    __root__: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        description='Identifies how the observation was made.',
        title='Observation Method',
    )
Attributes¤
__root__: ConstrainedStrValue pydantic-field required special ¤

Identifies how the observation was made.

Model (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/assessment_results.py
class Model(OscalBaseModel):
    assessment_results: AssessmentResults = Field(..., alias='assessment-results')
assessment_results: AssessmentResults pydantic-field required ¤

Observation (OscalBaseModel) pydantic-model ¤

Describes an individual observation.

Source code in trestle/oscal/assessment_results.py
class Observation(OscalBaseModel):
    """
    Describes an individual observation.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Observation Universally Unique Identifier',
    )
    title: Optional[str] = Field(None, description='The title for this observation.', title='Observation Title')
    description: str = Field(
        ...,
        description='A human-readable description of this assessment observation.',
        title='Observation Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    methods: List[Method] = Field(...)
    types: Optional[List[common.Type2]] = Field(None)
    origins: Optional[List[Origin]] = Field(None)
    subjects: Optional[List[common.SubjectReference]] = Field(None)
    relevant_evidence: Optional[List[common.RelevantEvidence]] = Field(None, alias='relevant-evidence')
    collected: datetime = Field(
        ...,
        description='Date/time stamp identifying when the finding information was collected.',
        title='collected field',
    )
    expires: Optional[datetime] = Field(
        None,
        description=
        'Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.',
        title='expires field',
    )
    remarks: Optional[common.Remarks] = None
Attributes¤
collected: datetime pydantic-field required ¤

Date/time stamp identifying when the finding information was collected.

description: str pydantic-field required ¤

A human-readable description of this assessment observation.

expires: datetime pydantic-field ¤

Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.

methods: List[trestle.oscal.assessment_results.Method] pydantic-field required ¤
origins: List[trestle.oscal.assessment_results.Origin] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
relevant_evidence: List[trestle.oscal.common.RelevantEvidence] pydantic-field ¤
remarks: Remarks pydantic-field ¤
subjects: List[trestle.oscal.common.SubjectReference] pydantic-field ¤
title: str pydantic-field ¤

The title for this observation.

types: List[trestle.oscal.common.Type2] pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Origin (OscalBaseModel) pydantic-model ¤

Identifies the source of the finding, such as a tool, interviewed person, or activity.

Source code in trestle/oscal/assessment_results.py
class Origin(OscalBaseModel):
    """
    Identifies the source of the finding, such as a tool, interviewed person, or activity.
    """

    class Config:
        extra = Extra.forbid

    actors: List[common.OriginActor] = Field(...)
    related_tasks: Optional[List[common.RelatedTask]] = Field(None, alias='related-tasks')
actors: List[trestle.oscal.common.OriginActor] pydantic-field required ¤
related_tasks: List[trestle.oscal.common.RelatedTask] pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

RelatedObservation (OscalBaseModel) pydantic-model ¤

Relates the finding to a set of referenced observations that were used to determine the finding.

Source code in trestle/oscal/assessment_results.py
class RelatedObservation(OscalBaseModel):
    """
    Relates the finding to a set of referenced observations that were used to determine the finding.
    """

    class Config:
        extra = Extra.forbid

    observation_uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        alias='observation-uuid',
        description='A machine-oriented identifier reference to an observation defined in the list of observations.',
        title='Observation Universally Unique Identifier Reference',
    )
Attributes¤
observation_uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented identifier reference to an observation defined in the list of observations.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Response (OscalBaseModel) pydantic-model ¤

Describes either recommended or an actual plan for addressing the risk.

Source code in trestle/oscal/assessment_results.py
class Response(OscalBaseModel):
    """
    Describes either recommended or an actual plan for addressing the risk.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Remediation Universally Unique Identifier',
    )
    lifecycle: constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    ) = Field(
        ...,
        description=
        'Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.',
        title='Remediation Intent',
    )
    title: str = Field(..., description='The title for this response activity.', title='Response Title')
    description: str = Field(
        ...,
        description='A human-readable description of this response plan.',
        title='Response Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    origins: Optional[List[Origin]] = Field(None)
    required_assets: Optional[List[common.RequiredAsset]] = Field(None, alias='required-assets')
    tasks: Optional[List[common.Task]] = Field(None)
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

A human-readable description of this response plan.

lifecycle: ConstrainedStrValue pydantic-field required ¤

Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.

origins: List[trestle.oscal.assessment_results.Origin] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
required_assets: List[trestle.oscal.common.RequiredAsset] pydantic-field ¤
tasks: List[trestle.oscal.common.Task] pydantic-field ¤
title: str pydantic-field required ¤

The title for this response activity.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Result (OscalBaseModel) pydantic-model ¤

Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.

Source code in trestle/oscal/assessment_results.py
class Result(OscalBaseModel):
    """
    Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Results Universally Unique Identifier',
    )
    title: str = Field(..., description='The title for this set of results.', title='Results Title')
    description: str = Field(
        ...,
        description='A human-readable description of this set of test results.',
        title='Results Description',
    )
    start: datetime = Field(
        ...,
        description='Date/time stamp identifying the start of the evidence collection reflected in these results.',
        title='start field',
    )
    end: Optional[datetime] = Field(
        None,
        description=
        'Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.',
        title='end field',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    local_definitions: Optional[LocalDefinitions1] = Field(
        None,
        alias='local-definitions',
        description=
        'Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.',
        title='Local Definitions',
    )
    reviewed_controls: ReviewedControls = Field(..., alias='reviewed-controls')
    attestations: Optional[List[Attestation]] = Field(None)
    assessment_log: Optional[AssessmentLog] = Field(
        None,
        alias='assessment-log',
        description='A log of all assessment-related actions taken.',
        title='Assessment Log',
    )
    observations: Optional[List[Observation]] = Field(None)
    risks: Optional[List[Risk]] = Field(None)
    findings: Optional[List[Finding]] = Field(None)
    remarks: Optional[common.Remarks] = None
Attributes¤
assessment_log: AssessmentLog pydantic-field ¤

A log of all assessment-related actions taken.

attestations: List[trestle.oscal.assessment_results.Attestation] pydantic-field ¤
description: str pydantic-field required ¤

A human-readable description of this set of test results.

end: datetime pydantic-field ¤

Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.

findings: List[trestle.oscal.assessment_results.Finding] pydantic-field ¤
local_definitions: LocalDefinitions1 pydantic-field ¤

Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.

observations: List[trestle.oscal.assessment_results.Observation] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
reviewed_controls: ReviewedControls pydantic-field required ¤
risks: List[trestle.oscal.assessment_results.Risk] pydantic-field ¤
start: datetime pydantic-field required ¤

Date/time stamp identifying the start of the evidence collection reflected in these results.

title: str pydantic-field required ¤

The title for this set of results.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

ReviewedControls (OscalBaseModel) pydantic-model ¤

Identifies the controls being assessed and their control objectives.

Source code in trestle/oscal/assessment_results.py
class ReviewedControls(OscalBaseModel):
    """
    Identifies the controls being assessed and their control objectives.
    """

    class Config:
        extra = Extra.forbid

    description: Optional[str] = Field(
        None,
        description='A human-readable description of control objectives.',
        title='Control Objective Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    control_selections: List[ControlSelection] = Field(..., alias='control-selections')
    control_objective_selections: Optional[List[common.ControlObjectiveSelection]] = Field(
        None, alias='control-objective-selections'
    )
    remarks: Optional[common.Remarks] = None
Attributes¤
control_objective_selections: List[trestle.oscal.common.ControlObjectiveSelection] pydantic-field ¤
control_selections: List[trestle.oscal.assessment_results.ControlSelection] pydantic-field required ¤
description: str pydantic-field ¤

A human-readable description of control objectives.

props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Risk (OscalBaseModel) pydantic-model ¤

An identified risk.

Source code in trestle/oscal/assessment_results.py
class Risk(OscalBaseModel):
    """
    An identified risk.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Risk Universally Unique Identifier',
    )
    title: str = Field(..., description='The title for this risk.', title='Risk Title')
    description: str = Field(
        ...,
        description=
        'A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.',
        title='Risk Description',
    )
    statement: str = Field(
        ...,
        description='An summary of impact for how the risk affects the system.',
        title='Risk Statement',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    status: common.RiskStatus
    origins: Optional[List[Origin]] = Field(None)
    threat_ids: Optional[List[common.ThreatId]] = Field(None, alias='threat-ids')
    characterizations: Optional[List[Characterization]] = Field(None)
    mitigating_factors: Optional[List[common.MitigatingFactor]] = Field(None, alias='mitigating-factors')
    deadline: Optional[datetime] = Field(
        None,
        description='The date/time by which the risk must be resolved.',
        title='Risk Resolution Deadline',
    )
    remediations: Optional[List[Response]] = Field(None)
    risk_log: Optional[RiskLog] = Field(
        None,
        alias='risk-log',
        description='A log of all risk-related tasks taken.',
        title='Risk Log',
    )
    related_observations: Optional[List[common.RelatedObservation1]] = Field(None, alias='related-observations')
Attributes¤
characterizations: List[trestle.oscal.assessment_results.Characterization] pydantic-field ¤
deadline: datetime pydantic-field ¤

The date/time by which the risk must be resolved.

description: str pydantic-field required ¤

A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.

mitigating_factors: List[trestle.oscal.common.MitigatingFactor] pydantic-field ¤
origins: List[trestle.oscal.assessment_results.Origin] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
related_observations: List[trestle.oscal.common.RelatedObservation1] pydantic-field ¤
remediations: List[trestle.oscal.assessment_results.Response] pydantic-field ¤
risk_log: RiskLog pydantic-field ¤

A log of all risk-related tasks taken.

statement: str pydantic-field required ¤

An summary of impact for how the risk affects the system.

status: RiskStatus pydantic-field required ¤
threat_ids: List[trestle.oscal.common.ThreatId] pydantic-field ¤
title: str pydantic-field required ¤

The title for this risk.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

RiskLog (OscalBaseModel) pydantic-model ¤

A log of all risk-related tasks taken.

Source code in trestle/oscal/assessment_results.py
class RiskLog(OscalBaseModel):
    """
    A log of all risk-related tasks taken.
    """

    class Config:
        extra = Extra.forbid

    entries: List[Entry1] = Field(...)
entries: List[trestle.oscal.assessment_results.Entry1] pydantic-field required ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

SelectControlById (OscalBaseModel) pydantic-model ¤

Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.

Source code in trestle/oscal/assessment_results.py
class SelectControlById(OscalBaseModel):
    """
    Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.
    """

    class Config:
        extra = Extra.forbid

    control_id: constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    ) = Field(
        ...,
        alias='control-id',
        description=
        'A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).',
        title='Control Identifier Reference',
    )
    statement_ids: Optional[List[common.StatementId]] = Field(None, alias='statement-ids')
Attributes¤
control_id: ConstrainedStrValue pydantic-field required ¤

A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).

statement_ids: List[trestle.oscal.common.StatementId] pydantic-field ¤
Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

State (Enum) ¤

An indication as to whether the objective is satisfied or not.

Source code in trestle/oscal/assessment_results.py
class State(Enum):
    """
    An indication as to whether the objective is satisfied or not.
    """

    satisfied = 'satisfied'
    not_satisfied = 'not-satisfied'
not_satisfied ¤
satisfied ¤

State1 (Enum) ¤

The operational status.

Source code in trestle/oscal/assessment_results.py
class State1(Enum):
    """
    The operational status.
    """

    under_development = 'under-development'
    operational = 'operational'
    disposition = 'disposition'
    other = 'other'
disposition ¤
operational ¤
other ¤
under_development ¤

Status (OscalBaseModel) pydantic-model ¤

A determination of if the objective is satisfied or not within a given system.

Source code in trestle/oscal/assessment_results.py
class Status(OscalBaseModel):
    """
    A determination of if the objective is satisfied or not within a given system.
    """

    class Config:
        extra = Extra.forbid

    state: State = Field(
        ...,
        description='An indication as to whether the objective is satisfied or not.',
        title='Objective Status State',
    )
    reason: Optional[constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    )] = Field(
        None,
        description="The reason the objective was given it's status.",
        title='Objective Status Reason',
    )
    remarks: Optional[common.Remarks] = None
Attributes¤
reason: ConstrainedStrValue pydantic-field ¤

The reason the objective was given it's status.

remarks: Remarks pydantic-field ¤
state: State pydantic-field required ¤

An indication as to whether the objective is satisfied or not.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Status1 (OscalBaseModel) pydantic-model ¤

Describes the operational status of the system component.

Source code in trestle/oscal/assessment_results.py
class Status1(OscalBaseModel):
    """
    Describes the operational status of the system component.
    """

    class Config:
        extra = Extra.forbid

    state: State1 = Field(..., description='The operational status.', title='State')
    remarks: Optional[common.Remarks] = None
Attributes¤
remarks: Remarks pydantic-field ¤
state: State1 pydantic-field required ¤

The operational status.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

Step (OscalBaseModel) pydantic-model ¤

Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.

Source code in trestle/oscal/assessment_results.py
class Step(OscalBaseModel):
    """
    Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Step Universally Unique Identifier',
    )
    title: Optional[str] = Field(None, description='The title for this step.', title='Step Title')
    description: str = Field(
        ...,
        description='A human-readable description of this step.',
        title='Step Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    reviewed_controls: Optional[ReviewedControls] = Field(None, alias='reviewed-controls')
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

A human-readable description of this step.

props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
reviewed_controls: ReviewedControls pydantic-field ¤
title: str pydantic-field ¤

The title for this step.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

SystemComponent (OscalBaseModel) pydantic-model ¤

A defined component that can be part of an implemented system.

Source code in trestle/oscal/assessment_results.py
class SystemComponent(OscalBaseModel):
    """
    A defined component that can be part of an implemented system.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Component Identifier',
    )
    type: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        description='A category describing the purpose of the component.',
        title='Component Type',
    )
    title: str = Field(
        ...,
        description='A human readable name for the system component.',
        title='Component Title',
    )
    description: str = Field(
        ...,
        description='A description of the component, including information about its function.',
        title='Component Description',
    )
    purpose: Optional[str] = Field(
        None,
        description='A summary of the technological or business purpose of the component.',
        title='Purpose',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    status: Status1 = Field(
        ...,
        description='Describes the operational status of the system component.',
        title='Status',
    )
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    protocols: Optional[List[common.Protocol]] = Field(None)
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

A description of the component, including information about its function.

props: List[trestle.oscal.common.Property] pydantic-field ¤
protocols: List[trestle.oscal.common.Protocol] pydantic-field ¤
purpose: str pydantic-field ¤

A summary of the technological or business purpose of the component.

remarks: Remarks pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
status: Status1 pydantic-field required ¤

Describes the operational status of the system component.

title: str pydantic-field required ¤

A human readable name for the system component.

type: ConstrainedStrValue pydantic-field required ¤

A category describing the purpose of the component.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/assessment_results.py
class Config:
    extra = Extra.forbid

handler: python