Skip to content

poam

trestle.oscal.poam ¤

Classes¤

Activity (OscalBaseModel) pydantic-model ¤

Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.

Source code in trestle/oscal/poam.py
class Activity(OscalBaseModel):
    """
    Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Assessment Activity Universally Unique Identifier',
    )
    title: Optional[str] = Field(
        None,
        description='The title for this included activity.',
        title='Included Activity Title',
    )
    description: str = Field(
        ...,
        description='A human-readable description of this included activity.',
        title='Included Activity Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    steps: Optional[List[Step]] = Field(None)
    related_controls: Optional[ReviewedControls] = Field(None, alias='related-controls')
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    remarks: Optional[str] = None
Attributes¤
description: str pydantic-field required ¤

A human-readable description of this included activity.

props: List[trestle.oscal.common.Property] pydantic-field ¤
related_controls: ReviewedControls pydantic-field ¤
remarks: str pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
steps: List[trestle.oscal.poam.Step] pydantic-field ¤
title: str pydantic-field ¤

The title for this included activity.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment activity elsewhere in this or other OSCAL instances. The locally defined UUID of the activity can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

Characterization (OscalBaseModel) pydantic-model ¤

A collection of descriptive data about the containing object from a specific origin.

Source code in trestle/oscal/poam.py
class Characterization(OscalBaseModel):
    """
    A collection of descriptive data about the containing object from a specific origin.
    """

    class Config:
        extra = Extra.forbid

    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    origin: Origin1
    facets: List[common.Facet] = Field(...)
facets: List[trestle.oscal.common.Facet] pydantic-field required ¤
origin: Origin1 pydantic-field required ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

ControlSelection (OscalBaseModel) pydantic-model ¤

Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.

Source code in trestle/oscal/poam.py
class ControlSelection(OscalBaseModel):
    """
    Identifies the controls being assessed. In the assessment plan, these are the planned controls. In the assessment results, these are the actual controls, and reflects any changes from the plan.
    """

    class Config:
        extra = Extra.forbid

    description: Optional[str] = Field(
        None,
        description='A human-readable description of in-scope controls specified for assessment.',
        title='Assessed Controls Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    include_all: Optional[common.IncludeAll] = Field(None, alias='include-all')
    include_controls: Optional[List[SelectControlById]] = Field(None, alias='include-controls')
    exclude_controls: Optional[List[SelectControlById]] = Field(None, alias='exclude-controls')
    remarks: Optional[str] = None
Attributes¤
description: str pydantic-field ¤

A human-readable description of in-scope controls specified for assessment.

exclude_controls: List[trestle.oscal.poam.SelectControlById] pydantic-field ¤
include_all: IncludeAll pydantic-field ¤
include_controls: List[trestle.oscal.poam.SelectControlById] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: str pydantic-field ¤
Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

Entry (OscalBaseModel) pydantic-model ¤

Identifies an individual risk response that occurred as part of managing an identified risk.

Source code in trestle/oscal/poam.py
class Entry(OscalBaseModel):
    """
    Identifies an individual risk response that occurred as part of managing an identified risk.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Risk Log Entry Universally Unique Identifier',
    )
    title: Optional[str] = Field(None, description='The title for this risk log entry.', title='Title')
    description: Optional[str] = Field(
        None,
        description='A human-readable description of what was done regarding the risk.',
        title='Risk Task Description',
    )
    start: datetime = Field(
        ...,
        description='Identifies the start date and time of the event.',
        title='Start',
    )
    end: Optional[datetime] = Field(
        None,
        description=
        'Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.',
        title='End',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    logged_by: Optional[List[common.LoggedBy]] = Field(None, alias='logged-by')
    status_change: Optional[constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    )] = Field(
        None, alias='status-change'
    )
    related_responses: Optional[List[common.RelatedResponse]] = Field(None, alias='related-responses')
    remarks: Optional[str] = None
Attributes¤
description: str pydantic-field ¤

A human-readable description of what was done regarding the risk.

end: datetime pydantic-field ¤

Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.

logged_by: List[trestle.oscal.common.LoggedBy] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
related_responses: List[trestle.oscal.common.RelatedResponse] pydantic-field ¤
remarks: str pydantic-field ¤
start: datetime pydantic-field required ¤

Identifies the start date and time of the event.

status_change: ConstrainedStrValue pydantic-field ¤
title: str pydantic-field ¤

The title for this risk log entry.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk log entry elsewhere in this or other OSCAL instances. The locally defined UUID of the risk log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

LocalDefinitions (OscalBaseModel) pydantic-model ¤

Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.

Source code in trestle/oscal/poam.py
class LocalDefinitions(OscalBaseModel):
    """
    Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.
    """

    class Config:
        extra = Extra.forbid

    components: Optional[List[SystemComponent]] = Field(None)
    inventory_items: Optional[List[common.InventoryItem]] = Field(None, alias='inventory-items')
    remarks: Optional[str] = None
components: List[trestle.oscal.poam.SystemComponent] pydantic-field ¤
inventory_items: List[trestle.oscal.common.InventoryItem] pydantic-field ¤
remarks: str pydantic-field ¤
Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

Method (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/poam.py
class Method(OscalBaseModel):
    __root__: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        description='Identifies how the observation was made.',
        title='Observation Method',
    )
Attributes¤
__root__: ConstrainedStrValue pydantic-field required special ¤

Identifies how the observation was made.

Model (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/poam.py
class Model(OscalBaseModel):
    plan_of_action_and_milestones: PlanOfActionAndMilestones = Field(..., alias='plan-of-action-and-milestones')
plan_of_action_and_milestones: PlanOfActionAndMilestones pydantic-field required ¤

Observation (OscalBaseModel) pydantic-model ¤

Describes an individual observation.

Source code in trestle/oscal/poam.py
class Observation(OscalBaseModel):
    """
    Describes an individual observation.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Observation Universally Unique Identifier',
    )
    title: Optional[str] = Field(None, description='The title for this observation.', title='Observation Title')
    description: str = Field(
        ...,
        description='A human-readable description of this assessment observation.',
        title='Observation Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    methods: List[Method] = Field(...)
    types: Optional[List[constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    )]] = Field(None)
    origins: Optional[List[Origin1]] = Field(None)
    subjects: Optional[List[common.SubjectReference]] = Field(None)
    relevant_evidence: Optional[List[common.RelevantEvidence]] = Field(None, alias='relevant-evidence')
    collected: datetime = Field(
        ...,
        description='Date/time stamp identifying when the finding information was collected.',
        title='Collected Field',
    )
    expires: Optional[datetime] = Field(
        None,
        description=
        'Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.',
        title='Expires Field',
    )
    remarks: Optional[str] = None
Attributes¤
collected: datetime pydantic-field required ¤

Date/time stamp identifying when the finding information was collected.

description: str pydantic-field required ¤

A human-readable description of this assessment observation.

expires: datetime pydantic-field ¤

Date/time identifying when the finding information is out-of-date and no longer valid. Typically used with continuous assessment scenarios.

methods: List[trestle.oscal.poam.Method] pydantic-field required ¤
origins: List[trestle.oscal.poam.Origin1] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
relevant_evidence: List[trestle.oscal.common.RelevantEvidence] pydantic-field ¤
remarks: str pydantic-field ¤
subjects: List[trestle.oscal.common.SubjectReference] pydantic-field ¤
title: str pydantic-field ¤

The title for this observation.

types: List[trestle.oscal.poam.ConstrainedStrValue] pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this observation elsewhere in this or other OSCAL instances. The locally defined UUID of the observation can be used to reference the data item locally or globally (e.g., in an imorted OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

Origin (OscalBaseModel) pydantic-model ¤

Identifies the source of the finding, such as a tool or person.

Source code in trestle/oscal/poam.py
class Origin(OscalBaseModel):
    """
    Identifies the source of the finding, such as a tool or person.
    """

    class Config:
        extra = Extra.forbid

    actors: List[common.OriginActor] = Field(...)
actors: List[trestle.oscal.common.OriginActor] pydantic-field required ¤
Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

Origin1 (OscalBaseModel) pydantic-model ¤

Identifies the source of the finding, such as a tool, interviewed person, or activity.

Source code in trestle/oscal/poam.py
class Origin1(OscalBaseModel):
    """
    Identifies the source of the finding, such as a tool, interviewed person, or activity.
    """

    class Config:
        extra = Extra.forbid

    actors: List[common.OriginActor] = Field(...)
    related_tasks: Optional[List[common.RelatedTask]] = Field(None, alias='related-tasks')
actors: List[trestle.oscal.common.OriginActor] pydantic-field required ¤
related_tasks: List[trestle.oscal.common.RelatedTask] pydantic-field ¤
Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

PlanOfActionAndMilestones (OscalBaseModel) pydantic-model ¤

A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.

Source code in trestle/oscal/poam.py
class PlanOfActionAndMilestones(OscalBaseModel):
    """
    A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='POA&M Universally Unique Identifier',
    )
    metadata: common.Metadata
    import_ssp: Optional[common.ImportSsp] = Field(None, alias='import-ssp')
    system_id: Optional[common.SystemId] = Field(None, alias='system-id')
    local_definitions: Optional[LocalDefinitions] = Field(None, alias='local-definitions')
    observations: Optional[List[Observation]] = Field(None)
    risks: Optional[List[Risk]] = Field(None)
    poam_items: List[PoamItem] = Field(..., alias='poam-items')
    back_matter: Optional[common.BackMatter] = Field(None, alias='back-matter')
Attributes¤
back_matter: BackMatter pydantic-field ¤
import_ssp: ImportSsp pydantic-field ¤
local_definitions: LocalDefinitions pydantic-field ¤
metadata: Metadata pydantic-field required ¤
observations: List[trestle.oscal.poam.Observation] pydantic-field ¤
poam_items: List[trestle.oscal.poam.PoamItem] pydantic-field required ¤
risks: List[trestle.oscal.poam.Risk] pydantic-field ¤
system_id: SystemId pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

PoamItem (OscalBaseModel) pydantic-model ¤

Describes an individual POA&M item.

Source code in trestle/oscal/poam.py
class PoamItem(OscalBaseModel):
    """
    Describes an individual POA&M item.
    """

    class Config:
        extra = Extra.forbid

    uuid: Optional[constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    )] = Field(
        None,
        description=
        'A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='POA&M Item Universally Unique Identifier',
    )
    title: str = Field(
        ...,
        description='The title or name for this POA&M item .',
        title='POA&M Item Title',
    )
    description: str = Field(
        ...,
        description='A human-readable description of POA&M item.',
        title='POA&M Item Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    origins: Optional[List[Origin]] = Field(None)
    related_observations: Optional[List[RelatedObservation]] = Field(None, alias='related-observations')
    related_risks: Optional[List[common.RelatedRisk]] = Field(None, alias='related-risks')
    remarks: Optional[str] = None
Attributes¤
description: str pydantic-field required ¤

A human-readable description of POA&M item.

origins: List[trestle.oscal.poam.Origin] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
related_observations: List[trestle.oscal.poam.RelatedObservation] pydantic-field ¤
related_risks: List[trestle.oscal.common.RelatedRisk] pydantic-field ¤
remarks: str pydantic-field ¤
title: str pydantic-field required ¤

The title or name for this POA&M item .

uuid: ConstrainedStrValue pydantic-field ¤

A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

RelatedObservation (OscalBaseModel) pydantic-model ¤

Relates the poam-item to a set of referenced observations that were used to determine the finding.

Source code in trestle/oscal/poam.py
class RelatedObservation(OscalBaseModel):
    """
    Relates the poam-item to a set of referenced observations that were used to determine the finding.
    """

    class Config:
        extra = Extra.forbid

    observation_uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        alias='observation-uuid',
        description='A machine-oriented identifier reference to an observation defined in the list of observations.',
        title='Observation Universally Unique Identifier Reference',
    )
Attributes¤
observation_uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented identifier reference to an observation defined in the list of observations.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

RelatedObservation1 (OscalBaseModel) pydantic-model ¤

Relates the finding to a set of referenced observations that were used to determine the finding.

Source code in trestle/oscal/poam.py
class RelatedObservation1(OscalBaseModel):
    """
    Relates the finding to a set of referenced observations that were used to determine the finding.
    """

    class Config:
        extra = Extra.forbid

    observation_uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        alias='observation-uuid',
        description='A machine-oriented identifier reference to an observation defined in the list of observations.',
        title='Observation Universally Unique Identifier Reference',
    )
Attributes¤
observation_uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented identifier reference to an observation defined in the list of observations.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

Response (OscalBaseModel) pydantic-model ¤

Describes either recommended or an actual plan for addressing the risk.

Source code in trestle/oscal/poam.py
class Response(OscalBaseModel):
    """
    Describes either recommended or an actual plan for addressing the risk.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Remediation Universally Unique Identifier',
    )
    lifecycle: constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    ) = Field(
        ...,
        description=
        'Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.',
        title='Remediation Intent',
    )
    title: str = Field(..., description='The title for this response activity.', title='Response Title')
    description: str = Field(
        ...,
        description='A human-readable description of this response plan.',
        title='Response Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    origins: Optional[List[Origin1]] = Field(None)
    required_assets: Optional[List[common.RequiredAsset]] = Field(None, alias='required-assets')
    tasks: Optional[List[common.Task]] = Field(None)
    remarks: Optional[str] = None
Attributes¤
description: str pydantic-field required ¤

A human-readable description of this response plan.

lifecycle: ConstrainedStrValue pydantic-field required ¤

Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.

origins: List[trestle.oscal.poam.Origin1] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: str pydantic-field ¤
required_assets: List[trestle.oscal.common.RequiredAsset] pydantic-field ¤
tasks: List[trestle.oscal.common.Task] pydantic-field ¤
title: str pydantic-field required ¤

The title for this response activity.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this remediation elsewhere in this or other OSCAL instances. The locally defined UUID of the risk response can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

ReviewedControls (OscalBaseModel) pydantic-model ¤

Identifies the controls being assessed and their control objectives.

Source code in trestle/oscal/poam.py
class ReviewedControls(OscalBaseModel):
    """
    Identifies the controls being assessed and their control objectives.
    """

    class Config:
        extra = Extra.forbid

    description: Optional[str] = Field(
        None,
        description='A human-readable description of control objectives.',
        title='Control Objective Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    control_selections: List[ControlSelection] = Field(..., alias='control-selections')
    control_objective_selections: Optional[List[common.ControlObjectiveSelection]] = Field(
        None, alias='control-objective-selections'
    )
    remarks: Optional[str] = None
Attributes¤
control_objective_selections: List[trestle.oscal.common.ControlObjectiveSelection] pydantic-field ¤
control_selections: List[trestle.oscal.poam.ControlSelection] pydantic-field required ¤
description: str pydantic-field ¤

A human-readable description of control objectives.

props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: str pydantic-field ¤
Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

Risk (OscalBaseModel) pydantic-model ¤

An identified risk.

Source code in trestle/oscal/poam.py
class Risk(OscalBaseModel):
    """
    An identified risk.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Risk Universally Unique Identifier',
    )
    title: str = Field(..., description='The title for this risk.', title='Risk Title')
    description: str = Field(
        ...,
        description=
        'A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.',
        title='Risk Description',
    )
    statement: str = Field(
        ...,
        description='An summary of impact for how the risk affects the system.',
        title='Risk Statement',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    status: constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    )
    origins: Optional[List[Origin1]] = Field(None)
    threat_ids: Optional[List[common.ThreatId]] = Field(None, alias='threat-ids')
    characterizations: Optional[List[Characterization]] = Field(None)
    mitigating_factors: Optional[List[common.MitigatingFactor]] = Field(None, alias='mitigating-factors')
    deadline: Optional[datetime] = Field(
        None,
        description='The date/time by which the risk must be resolved.',
        title='Risk Resolution Deadline',
    )
    remediations: Optional[List[Response]] = Field(None)
    risk_log: Optional[RiskLog] = Field(
        None,
        alias='risk-log',
        description='A log of all risk-related tasks taken.',
        title='Risk Log',
    )
    related_observations: Optional[List[RelatedObservation1]] = Field(None, alias='related-observations')
Attributes¤
characterizations: List[trestle.oscal.poam.Characterization] pydantic-field ¤
deadline: datetime pydantic-field ¤

The date/time by which the risk must be resolved.

description: str pydantic-field required ¤

A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.

mitigating_factors: List[trestle.oscal.common.MitigatingFactor] pydantic-field ¤
origins: List[trestle.oscal.poam.Origin1] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
related_observations: List[trestle.oscal.poam.RelatedObservation1] pydantic-field ¤
remediations: List[trestle.oscal.poam.Response] pydantic-field ¤
risk_log: RiskLog pydantic-field ¤

A log of all risk-related tasks taken.

statement: str pydantic-field required ¤

An summary of impact for how the risk affects the system.

status: ConstrainedStrValue pydantic-field required ¤
threat_ids: List[trestle.oscal.common.ThreatId] pydantic-field ¤
title: str pydantic-field required ¤

The title for this risk.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

RiskLog (OscalBaseModel) pydantic-model ¤

A log of all risk-related tasks taken.

Source code in trestle/oscal/poam.py
class RiskLog(OscalBaseModel):
    """
    A log of all risk-related tasks taken.
    """

    class Config:
        extra = Extra.forbid

    entries: List[Entry] = Field(...)
entries: List[trestle.oscal.poam.Entry] pydantic-field required ¤
Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

SelectControlById (OscalBaseModel) pydantic-model ¤

Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.

Source code in trestle/oscal/poam.py
class SelectControlById(OscalBaseModel):
    """
    Used to select a control for inclusion/exclusion based on one or more control identifiers. A set of statement identifiers can be used to target the inclusion/exclusion to only specific control statements providing more granularity over the specific statements that are within the asessment scope.
    """

    class Config:
        extra = Extra.forbid

    control_id: constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    ) = Field(
        ...,
        alias='control-id',
        description=
        'A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).',
        title='Control Identifier Reference',
    )
    statement_ids: Optional[List[constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    )]] = Field(
        None, alias='statement-ids'
    )
Attributes¤
control_id: ConstrainedStrValue pydantic-field required ¤

A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).

statement_ids: List[trestle.oscal.poam.ConstrainedStrValue] pydantic-field ¤
Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

State (Enum) ¤

The operational status.

Source code in trestle/oscal/poam.py
class State(Enum):
    """
    The operational status.
    """

    under_development = 'under-development'
    operational = 'operational'
    disposition = 'disposition'
    other = 'other'
disposition ¤
operational ¤
other ¤
under_development ¤

State1 (Enum) ¤

An indication as to whether the objective is satisfied or not.

Source code in trestle/oscal/poam.py
class State1(Enum):
    """
    An indication as to whether the objective is satisfied or not.
    """

    satisfied = 'satisfied'
    not_satisfied = 'not-satisfied'
not_satisfied ¤
satisfied ¤

Status (OscalBaseModel) pydantic-model ¤

Describes the operational status of the system component.

Source code in trestle/oscal/poam.py
class Status(OscalBaseModel):
    """
    Describes the operational status of the system component.
    """

    class Config:
        extra = Extra.forbid

    state: State = Field(..., description='The operational status.', title='State')
    remarks: Optional[str] = None
Attributes¤
remarks: str pydantic-field ¤
state: State pydantic-field required ¤

The operational status.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

Status1 (OscalBaseModel) pydantic-model ¤

A determination of if the objective is satisfied or not within a given system.

Source code in trestle/oscal/poam.py
class Status1(OscalBaseModel):
    """
    A determination of if the objective is satisfied or not within a given system.
    """

    class Config:
        extra = Extra.forbid

    state: State1 = Field(
        ...,
        description='An indication as to whether the objective is satisfied or not.',
        title='Objective Status State',
    )
    reason: Optional[constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    )] = Field(
        None,
        description="The reason the objective was given it's status.",
        title='Objective Status Reason',
    )
    remarks: Optional[str] = None
Attributes¤
reason: ConstrainedStrValue pydantic-field ¤

The reason the objective was given it's status.

remarks: str pydantic-field ¤
state: State1 pydantic-field required ¤

An indication as to whether the objective is satisfied or not.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

Step (OscalBaseModel) pydantic-model ¤

Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.

Source code in trestle/oscal/poam.py
class Step(OscalBaseModel):
    """
    Identifies an individual step in a series of steps related to an activity, such as an assessment test or examination procedure.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Step Universally Unique Identifier',
    )
    title: Optional[str] = Field(None, description='The title for this step.', title='Step Title')
    description: str = Field(
        ...,
        description='A human-readable description of this step.',
        title='Step Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    reviewed_controls: Optional[ReviewedControls] = Field(None, alias='reviewed-controls')
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    remarks: Optional[str] = None
Attributes¤
description: str pydantic-field required ¤

A human-readable description of this step.

props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: str pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
reviewed_controls: ReviewedControls pydantic-field ¤
title: str pydantic-field ¤

The title for this step.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this step elsewhere in this or other OSCAL instances. The locally defined UUID of the step (in a series of steps) can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

SystemComponent (OscalBaseModel) pydantic-model ¤

A defined component that can be part of an implemented system.

Source code in trestle/oscal/poam.py
class SystemComponent(OscalBaseModel):
    """
    A defined component that can be part of an implemented system.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Component Identifier',
    )
    type: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        description='A category describing the purpose of the component.',
        title='Component Type',
    )
    title: str = Field(
        ...,
        description='A human readable name for the system component.',
        title='Component Title',
    )
    description: str = Field(
        ...,
        description='A description of the component, including information about its function.',
        title='Component Description',
    )
    purpose: Optional[str] = Field(
        None,
        description='A summary of the technological or business purpose of the component.',
        title='Purpose',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    status: Status = Field(
        ...,
        description='Describes the operational status of the system component.',
        title='Status',
    )
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    protocols: Optional[List[common.Protocol]] = Field(None)
    remarks: Optional[str] = None
Attributes¤
description: str pydantic-field required ¤

A description of the component, including information about its function.

props: List[trestle.oscal.common.Property] pydantic-field ¤
protocols: List[trestle.oscal.common.Protocol] pydantic-field ¤
purpose: str pydantic-field ¤

A summary of the technological or business purpose of the component.

remarks: str pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
status: Status pydantic-field required ¤

Describes the operational status of the system component.

title: str pydantic-field required ¤

A human readable name for the system component.

type: ConstrainedStrValue pydantic-field required ¤

A category describing the purpose of the component.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py
class Config:
    extra = Extra.forbid

handler: python