Skip to content

ssp

trestle.oscal.ssp ¤

Classes¤

AdjustmentJustification (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/ssp.py
class AdjustmentJustification(OscalBaseModel):
    __root__: str = Field(
        ...,
        description=
        'If the selected security level is different from the base security level, this contains the justification for the change.',
        title='Adjustment Justification',
    )
Attributes¤
__root__: str pydantic-field required special ¤

If the selected security level is different from the base security level, this contains the justification for the change.

AuthorizationBoundary (OscalBaseModel) pydantic-model ¤

A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.

Source code in trestle/oscal/ssp.py
class AuthorizationBoundary(OscalBaseModel):
    """
    A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.
    """

    class Config:
        extra = Extra.forbid

    description: str = Field(
        ...,
        description="A summary of the system's authorization boundary.",
        title='Authorization Boundary Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    diagrams: Optional[List[Diagram]] = Field(None)
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

A summary of the system's authorization boundary.

diagrams: List[trestle.oscal.ssp.Diagram] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

AvailabilityImpact (OscalBaseModel) pydantic-model ¤

The expected level of impact resulting from the disruption of access to or use of the described information or the information system.

Source code in trestle/oscal/ssp.py
class AvailabilityImpact(OscalBaseModel):
    """
    The expected level of impact resulting from the disruption of access to or use of the described information or the information system.
    """

    class Config:
        extra = Extra.forbid

    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    base: Base
    selected: Optional[Selected] = None
    adjustment_justification: Optional[AdjustmentJustification] = Field(None, alias='adjustment-justification')
adjustment_justification: AdjustmentJustification pydantic-field ¤
base: Base pydantic-field required ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
selected: Selected pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Base (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/ssp.py
class Base(OscalBaseModel):
    __root__: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        description='The prescribed base (Confidentiality, Integrity, or Availability) security impact level.',
        title='Base Level (Confidentiality, Integrity, or Availability)',
    )
Attributes¤
__root__: ConstrainedStrValue pydantic-field required special ¤

The prescribed base (Confidentiality, Integrity, or Availability) security impact level.

ByComponent (OscalBaseModel) pydantic-model ¤

Defines how the referenced component implements a set of controls.

Source code in trestle/oscal/ssp.py
class ByComponent(OscalBaseModel):
    """
    Defines how the referenced component implements a set of controls.
    """

    class Config:
        extra = Extra.forbid

    component_uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        alias='component-uuid',
        description='A machine-oriented identifier reference to the component that is implemeting a given control.',
        title='Component Universally Unique Identifier Reference',
    )
    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='By-Component Universally Unique Identifier',
    )
    description: str = Field(
        ...,
        description=
        'An implementation statement that describes how a control or a control statement is implemented within the referenced system component.',
        title='Control Implementation Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    set_parameters: Optional[List[SetParameter]] = Field(None, alias='set-parameters')
    implementation_status: Optional[common.ImplementationStatus] = Field(None, alias='implementation-status')
    export: Optional[Export] = Field(
        None,
        description='Identifies content intended for external consumption, such as with leveraged organizations.',
        title='Export',
    )
    inherited: Optional[List[Inherited]] = Field(None)
    satisfied: Optional[List[Satisfied]] = Field(None)
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    remarks: Optional[common.Remarks] = None
Attributes¤
component_uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented identifier reference to the component that is implemeting a given control.

description: str pydantic-field required ¤

An implementation statement that describes how a control or a control statement is implemented within the referenced system component.

export: Export pydantic-field ¤

Identifies content intended for external consumption, such as with leveraged organizations.

implementation_status: ImplementationStatus pydantic-field ¤
inherited: List[trestle.oscal.ssp.Inherited] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
satisfied: List[trestle.oscal.ssp.Satisfied] pydantic-field ¤
set_parameters: List[trestle.oscal.ssp.SetParameter] pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this by-component entry elsewhere in this or other OSCAL instances. The locally defined UUID of the by-component entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Categorization (OscalBaseModel) pydantic-model ¤

A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.

Source code in trestle/oscal/ssp.py
class Categorization(OscalBaseModel):
    """
    A set of information type identifiers qualified by the given identification system used, such as NIST SP 800-60.
    """

    class Config:
        extra = Extra.forbid

    system: AnyUrl = Field(
        ...,
        description='Specifies the information type identification system used.',
        title='Information Type Identification System',
    )
    information_type_ids: Optional[List[InformationTypeId]] = Field(None, alias='information-type-ids')
Attributes¤
information_type_ids: List[trestle.oscal.ssp.InformationTypeId] pydantic-field ¤
system: AnyUrl pydantic-field required ¤

Specifies the information type identification system used.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

ConfidentialityImpact (OscalBaseModel) pydantic-model ¤

The expected level of impact resulting from the unauthorized disclosure of the described information.

Source code in trestle/oscal/ssp.py
class ConfidentialityImpact(OscalBaseModel):
    """
    The expected level of impact resulting from the unauthorized disclosure of the described information.
    """

    class Config:
        extra = Extra.forbid

    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    base: Base
    selected: Optional[Selected] = None
    adjustment_justification: Optional[AdjustmentJustification] = Field(None, alias='adjustment-justification')
adjustment_justification: AdjustmentJustification pydantic-field ¤
base: Base pydantic-field required ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
selected: Selected pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

ControlImplementation (OscalBaseModel) pydantic-model ¤

Describes how the system satisfies a set of controls.

Source code in trestle/oscal/ssp.py
class ControlImplementation(OscalBaseModel):
    """
    Describes how the system satisfies a set of controls.
    """

    class Config:
        extra = Extra.forbid

    description: str = Field(
        ...,
        description=
        'A statement describing important things to know about how this set of control satisfaction documentation is approached.',
        title='Control Implementation Description',
    )
    set_parameters: Optional[List[SetParameter]] = Field(None, alias='set-parameters')
    implemented_requirements: List[ImplementedRequirement] = Field(..., alias='implemented-requirements')
Attributes¤
description: str pydantic-field required ¤

A statement describing important things to know about how this set of control satisfaction documentation is approached.

implemented_requirements: List[trestle.oscal.ssp.ImplementedRequirement] pydantic-field required ¤
set_parameters: List[trestle.oscal.ssp.SetParameter] pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

DataFlow (OscalBaseModel) pydantic-model ¤

A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.

Source code in trestle/oscal/ssp.py
class DataFlow(OscalBaseModel):
    """
    A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.
    """

    class Config:
        extra = Extra.forbid

    description: str = Field(
        ...,
        description="A summary of the system's data flow.",
        title='Data Flow Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    diagrams: Optional[List[Diagram]] = Field(None)
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

A summary of the system's data flow.

diagrams: List[trestle.oscal.ssp.Diagram] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

DateAuthorized (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/ssp.py
class DateAuthorized(OscalBaseModel):
    __root__: constr(
        regex=
        r'^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))(Z|[+-][0-9]{2}:[0-9]{2})?$'
    ) = Field(
        ...,
        description='The date the system received its authorization.',
        title='System Authorization Date',
    )
Attributes¤
__root__: ConstrainedStrValue pydantic-field required special ¤

The date the system received its authorization.

Diagram (OscalBaseModel) pydantic-model ¤

A graphic that provides a visual representation the system, or some aspect of it.

Source code in trestle/oscal/ssp.py
class Diagram(OscalBaseModel):
    """
    A graphic that provides a visual representation the system, or some aspect of it.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Diagram ID',
    )
    description: Optional[str] = Field(None, description='A summary of the diagram.', title='Diagram Description')
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    caption: Optional[str] = Field(None, description='A brief caption to annotate the diagram.', title='Caption')
    remarks: Optional[common.Remarks] = None
Attributes¤
caption: str pydantic-field ¤

A brief caption to annotate the diagram.

description: str pydantic-field ¤

A summary of the diagram.

props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this diagram elsewhere in this or other OSCAL instances. The locally defined UUID of the diagram can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Export (OscalBaseModel) pydantic-model ¤

Identifies content intended for external consumption, such as with leveraged organizations.

Source code in trestle/oscal/ssp.py
class Export(OscalBaseModel):
    """
    Identifies content intended for external consumption, such as with leveraged organizations.
    """

    class Config:
        extra = Extra.forbid

    description: Optional[str] = Field(
        None,
        description=
        'An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.',
        title='Control Implementation Export Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    provided: Optional[List[Provided]] = Field(None)
    responsibilities: Optional[List[Responsibility]] = Field(None)
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field ¤

An implementation statement that describes the aspects of the control or control statement implementation that can be available to another system leveraging this system.

props: List[trestle.oscal.common.Property] pydantic-field ¤
provided: List[trestle.oscal.ssp.Provided] pydantic-field ¤
remarks: Remarks pydantic-field ¤
responsibilities: List[trestle.oscal.ssp.Responsibility] pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

ImplementedRequirement (OscalBaseModel) pydantic-model ¤

Describes how the system satisfies an individual control.

Source code in trestle/oscal/ssp.py
class ImplementedRequirement(OscalBaseModel):
    """
    Describes how the system satisfies an individual control.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Control Requirement Universally Unique Identifier',
    )
    control_id: constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    ) = Field(
        ...,
        alias='control-id',
        description=
        'A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).',
        title='Control Identifier Reference',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    set_parameters: Optional[List[SetParameter]] = Field(None, alias='set-parameters')
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    statements: Optional[List[Statement]] = Field(None)
    by_components: Optional[List[ByComponent]] = Field(None, alias='by-components')
    remarks: Optional[common.Remarks] = None
Attributes¤
by_components: List[trestle.oscal.ssp.ByComponent] pydantic-field ¤
control_id: ConstrainedStrValue pydantic-field required ¤

A human-oriented identifier reference to a control with a corresponding id value. When referencing an externally defined control, the Control Identifier Reference must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).

props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
set_parameters: List[trestle.oscal.ssp.SetParameter] pydantic-field ¤
statements: List[trestle.oscal.ssp.Statement] pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control requirement elsewhere in this or other OSCAL instances. The locally defined UUID of the control requirement can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

ImportProfile (OscalBaseModel) pydantic-model ¤

Used to import the OSCAL profile representing the system's control baseline.

Source code in trestle/oscal/ssp.py
class ImportProfile(OscalBaseModel):
    """
    Used to import the OSCAL profile representing the system's control baseline.
    """

    class Config:
        extra = Extra.forbid

    href: str = Field(
        ...,
        description="A resolvable URL reference to the profile to use as the system's control baseline.",
        title='Profile Reference',
    )
    remarks: Optional[common.Remarks] = None
Attributes¤
href: str pydantic-field required ¤

A resolvable URL reference to the profile to use as the system's control baseline.

remarks: Remarks pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

InformationType (OscalBaseModel) pydantic-model ¤

Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.

Source code in trestle/oscal/ssp.py
class InformationType(OscalBaseModel):
    """
    Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.
    """

    class Config:
        extra = Extra.forbid

    uuid: Optional[constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    )] = Field(
        None,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Information Type Universally Unique Identifier',
    )
    title: str = Field(
        ...,
        description=
        'A human readable name for the information type. This title should be meaningful within the context of the system.',
        title='title field',
    )
    description: str = Field(
        ...,
        description='A summary of how this information type is used within the system.',
        title='Information Type Description',
    )
    categorizations: Optional[List[Categorization]] = Field(None)
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    confidentiality_impact: ConfidentialityImpact = Field(
        ...,
        alias='confidentiality-impact',
        description=
        'The expected level of impact resulting from the unauthorized disclosure of the described information.',
        title='Confidentiality Impact Level',
    )
    integrity_impact: IntegrityImpact = Field(
        ...,
        alias='integrity-impact',
        description=
        'The expected level of impact resulting from the unauthorized modification of the described information.',
        title='Integrity Impact Level',
    )
    availability_impact: AvailabilityImpact = Field(
        ...,
        alias='availability-impact',
        description=
        'The expected level of impact resulting from the disruption of access to or use of the described information or the information system.',
        title='Availability Impact Level',
    )
Attributes¤
availability_impact: AvailabilityImpact pydantic-field required ¤

The expected level of impact resulting from the disruption of access to or use of the described information or the information system.

categorizations: List[trestle.oscal.ssp.Categorization] pydantic-field ¤
confidentiality_impact: ConfidentialityImpact pydantic-field required ¤

The expected level of impact resulting from the unauthorized disclosure of the described information.

description: str pydantic-field required ¤

A summary of how this information type is used within the system.

integrity_impact: IntegrityImpact pydantic-field required ¤

The expected level of impact resulting from the unauthorized modification of the described information.

props: List[trestle.oscal.common.Property] pydantic-field ¤
title: str pydantic-field required ¤

A human readable name for the information type. This title should be meaningful within the context of the system.

uuid: ConstrainedStrValue pydantic-field ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this information type elsewhere in this or other OSCAL instances. The locally defined UUID of the information type can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

InformationTypeId (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/ssp.py
class InformationTypeId(OscalBaseModel):
    __root__: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        description=
        'A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Information Type Systematized Identifier',
    )
Attributes¤
__root__: ConstrainedStrValue pydantic-field required special ¤

A human-oriented, globally unique identifier qualified by the given identification system used, such as NIST SP 800-60. This identifier has cross-instance scope and can be used to reference this system elsewhere in this or other OSCAL instances. This id should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Inherited (OscalBaseModel) pydantic-model ¤

Describes a control implementation inherited by a leveraging system.

Source code in trestle/oscal/ssp.py
class Inherited(OscalBaseModel):
    """
    Describes a control implementation inherited by a leveraging system.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Inherited Universally Unique Identifier',
    )
    provided_uuid: Optional[constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    )] = Field(
        None,
        alias='provided-uuid',
        description=
        'A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.',
        title='Provided UUID',
    )
    description: str = Field(
        ...,
        description=
        'An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.',
        title='Inherited Control Implementation Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
Attributes¤
description: str pydantic-field required ¤

An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is inheriting from a leveraged system.

props: List[trestle.oscal.common.Property] pydantic-field ¤
provided_uuid: ConstrainedStrValue pydantic-field ¤

A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.

responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this inherited entry elsewhere in this or other OSCAL instances. The locally defined UUID of the inherited control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

IntegrityImpact (OscalBaseModel) pydantic-model ¤

The expected level of impact resulting from the unauthorized modification of the described information.

Source code in trestle/oscal/ssp.py
class IntegrityImpact(OscalBaseModel):
    """
    The expected level of impact resulting from the unauthorized modification of the described information.
    """

    class Config:
        extra = Extra.forbid

    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    base: Base
    selected: Optional[Selected] = None
    adjustment_justification: Optional[AdjustmentJustification] = Field(None, alias='adjustment-justification')
adjustment_justification: AdjustmentJustification pydantic-field ¤
base: Base pydantic-field required ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
selected: Selected pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

LeveragedAuthorization (OscalBaseModel) pydantic-model ¤

A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.

Source code in trestle/oscal/ssp.py
class LeveragedAuthorization(OscalBaseModel):
    """
    A description of another authorized system from which this system inherits capabilities that satisfy security requirements. Another term for this concept is a common control provider.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Leveraged Authorization Universally Unique Identifier',
    )
    title: str = Field(
        ...,
        description='A human readable name for the leveraged authorization in the context of the system.',
        title='title field',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    party_uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        alias='party-uuid',
        description='A machine-oriented identifier reference to the party that manages the leveraged system.',
        title='party-uuid field',
    )
    date_authorized: DateAuthorized = Field(..., alias='date-authorized')
    remarks: Optional[common.Remarks] = None
Attributes¤
date_authorized: DateAuthorized pydantic-field required ¤
party_uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented identifier reference to the party that manages the leveraged system.

props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
title: str pydantic-field required ¤

A human readable name for the leveraged authorization in the context of the system.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope and can be used to reference this leveraged authorization elsewhere in this or other OSCAL instances. The locally defined UUID of the leveraged authorization can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Model (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/ssp.py
class Model(OscalBaseModel):
    system_security_plan: SystemSecurityPlan = Field(..., alias='system-security-plan')
system_security_plan: SystemSecurityPlan pydantic-field required ¤

NetworkArchitecture (OscalBaseModel) pydantic-model ¤

A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.

Source code in trestle/oscal/ssp.py
class NetworkArchitecture(OscalBaseModel):
    """
    A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.
    """

    class Config:
        extra = Extra.forbid

    description: str = Field(
        ...,
        description="A summary of the system's network architecture.",
        title='Network Architecture Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    diagrams: Optional[List[Diagram]] = Field(None)
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

A summary of the system's network architecture.

diagrams: List[trestle.oscal.ssp.Diagram] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Provided (OscalBaseModel) pydantic-model ¤

Describes a capability which may be inherited by a leveraging system.

Source code in trestle/oscal/ssp.py
class Provided(OscalBaseModel):
    """
    Describes a capability which may be inherited by a leveraging system.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Provided Universally Unique Identifier',
    )
    description: str = Field(
        ...,
        description=
        'An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.',
        title='Provided Control Implementation Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

An implementation statement that describes the aspects of the control or control statement implementation that can be provided to another system leveraging this system.

props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this provided entry elsewhere in this or other OSCAL instances. The locally defined UUID of the provided entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Responsibility (OscalBaseModel) pydantic-model ¤

Describes a control implementation responsibility imposed on a leveraging system.

Source code in trestle/oscal/ssp.py
class Responsibility(OscalBaseModel):
    """
    Describes a control implementation responsibility imposed on a leveraging system.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Responsibility Universally Unique Identifier',
    )
    provided_uuid: Optional[constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    )] = Field(
        None,
        alias='provided-uuid',
        description=
        'A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.',
        title='Provided UUID',
    )
    description: str = Field(
        ...,
        description=
        'An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.',
        title='Control Implementation Responsibility Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

An implementation statement that describes the aspects of the control or control statement implementation that a leveraging system must implement to satisfy the control provided by a leveraged system.

props: List[trestle.oscal.common.Property] pydantic-field ¤
provided_uuid: ConstrainedStrValue pydantic-field ¤

A machine-oriented identifier reference to an inherited control implementation that a leveraging system is inheriting from a leveraged system.

remarks: Remarks pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this responsibility elsewhere in this or other OSCAL instances. The locally defined UUID of the responsibility can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Satisfied (OscalBaseModel) pydantic-model ¤

Describes how this system satisfies a responsibility imposed by a leveraged system.

Source code in trestle/oscal/ssp.py
class Satisfied(OscalBaseModel):
    """
    Describes how this system satisfies a responsibility imposed by a leveraged system.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Satisfied Universally Unique Identifier',
    )
    responsibility_uuid: Optional[constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    )] = Field(
        None,
        alias='responsibility-uuid',
        description=
        'A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.',
        title='Responsibility UUID',
    )
    description: str = Field(
        ...,
        description=
        'An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.',
        title='Satisfied Control Implementation Responsibility Description',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

An implementation statement that describes the aspects of a control or control statement implementation that a leveraging system is implementing based on a requirement from a leveraged system.

props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
responsibility_uuid: ConstrainedStrValue pydantic-field ¤

A machine-oriented identifier reference to a control implementation that satisfies a responsibility imposed by a leveraged system.

responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this satisfied control implementation entry elsewhere in this or other OSCAL instances. The locally defined UUID of the control implementation can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

SecurityImpactLevel (OscalBaseModel) pydantic-model ¤

The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.

Source code in trestle/oscal/ssp.py
class SecurityImpactLevel(OscalBaseModel):
    """
    The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.
    """

    class Config:
        extra = Extra.forbid

    security_objective_confidentiality: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        alias='security-objective-confidentiality',
        description=
        'A target-level of confidentiality for the system, based on the sensitivity of information within the system.',
        title='Security Objective: Confidentiality',
    )
    security_objective_integrity: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        alias='security-objective-integrity',
        description=
        'A target-level of integrity for the system, based on the sensitivity of information within the system.',
        title='Security Objective: Integrity',
    )
    security_objective_availability: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        alias='security-objective-availability',
        description=
        'A target-level of availability for the system, based on the sensitivity of information within the system.',
        title='Security Objective: Availability',
    )
Attributes¤
security_objective_availability: ConstrainedStrValue pydantic-field required ¤

A target-level of availability for the system, based on the sensitivity of information within the system.

security_objective_confidentiality: ConstrainedStrValue pydantic-field required ¤

A target-level of confidentiality for the system, based on the sensitivity of information within the system.

security_objective_integrity: ConstrainedStrValue pydantic-field required ¤

A target-level of integrity for the system, based on the sensitivity of information within the system.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Selected (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/ssp.py
class Selected(OscalBaseModel):
    __root__: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        description='The selected (Confidentiality, Integrity, or Availability) security impact level.',
        title='Selected Level (Confidentiality, Integrity, or Availability)',
    )
Attributes¤
__root__: ConstrainedStrValue pydantic-field required special ¤

The selected (Confidentiality, Integrity, or Availability) security impact level.

SetParameter (OscalBaseModel) pydantic-model ¤

Identifies the parameter that will be set by the enclosed value.

Source code in trestle/oscal/ssp.py
class SetParameter(OscalBaseModel):
    """
    Identifies the parameter that will be set by the enclosed value.
    """

    class Config:
        extra = Extra.forbid

    param_id: constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    ) = Field(
        ...,
        alias='param-id',
        description=
        "A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.",
        title='Parameter ID',
    )
    values: List[common.Value] = Field(...)
    remarks: Optional[common.Remarks] = None
Attributes¤
param_id: ConstrainedStrValue pydantic-field required ¤

A human-oriented reference to a parameter within a control, who's catalog has been imported into the current implementation context.

remarks: Remarks pydantic-field ¤
values: List[trestle.oscal.common.Value] pydantic-field required ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

State (Enum) ¤

The current operating status.

Source code in trestle/oscal/ssp.py
class State(Enum):
    """
    The current operating status.
    """

    operational = 'operational'
    under_development = 'under-development'
    under_major_modification = 'under-major-modification'
    disposition = 'disposition'
    other = 'other'
disposition ¤
operational ¤
other ¤
under_development ¤
under_major_modification ¤

State1 (Enum) ¤

The operational status.

Source code in trestle/oscal/ssp.py
class State1(Enum):
    """
    The operational status.
    """

    under_development = 'under-development'
    operational = 'operational'
    disposition = 'disposition'
    other = 'other'
disposition ¤
operational ¤
other ¤
under_development ¤

Statement (OscalBaseModel) pydantic-model ¤

Identifies which statements within a control are addressed.

Source code in trestle/oscal/ssp.py
class Statement(OscalBaseModel):
    """
    Identifies which statements within a control are addressed.
    """

    class Config:
        extra = Extra.forbid

    statement_id: constr(
        regex=
        r'^[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-\.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$'
    ) = Field(
        ...,
        alias='statement-id',
        description='A human-oriented identifier reference to a control statement.',
        title='Control Statement Reference',
    )
    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).',
        title='Control Statement Reference Universally Unique Identifier',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    by_components: Optional[List[ByComponent]] = Field(None, alias='by-components')
    remarks: Optional[common.Remarks] = None
Attributes¤
by_components: List[trestle.oscal.ssp.ByComponent] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
statement_id: ConstrainedStrValue pydantic-field required ¤

A human-oriented identifier reference to a control statement.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this control statement elsewhere in this or other OSCAL instances. The UUID of the control statement in the source OSCAL instance is sufficient to reference the data item locally or globally (e.g., in an imported OSCAL instance).

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Status (OscalBaseModel) pydantic-model ¤

Describes the operational status of the system component.

Source code in trestle/oscal/ssp.py
class Status(OscalBaseModel):
    """
    Describes the operational status of the system component.
    """

    class Config:
        extra = Extra.forbid

    state: State1 = Field(..., description='The operational status.', title='State')
    remarks: Optional[common.Remarks] = None
Attributes¤
remarks: Remarks pydantic-field ¤
state: State1 pydantic-field required ¤

The operational status.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

Status1 (OscalBaseModel) pydantic-model ¤

Describes the operational status of the system.

Source code in trestle/oscal/ssp.py
class Status1(OscalBaseModel):
    """
    Describes the operational status of the system.
    """

    class Config:
        extra = Extra.forbid

    state: State = Field(..., description='The current operating status.', title='State')
    remarks: Optional[common.Remarks] = None
Attributes¤
remarks: Remarks pydantic-field ¤
state: State pydantic-field required ¤

The current operating status.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

SystemCharacteristics (OscalBaseModel) pydantic-model ¤

Contains the characteristics of the system, such as its name, purpose, and security impact level.

Source code in trestle/oscal/ssp.py
class SystemCharacteristics(OscalBaseModel):
    """
    Contains the characteristics of the system, such as its name, purpose, and security impact level.
    """

    class Config:
        extra = Extra.forbid

    system_ids: List[common.SystemId] = Field(..., alias='system-ids')
    system_name: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        alias='system-name',
        description='The full name of the system.',
        title='System Name - Full',
    )
    system_name_short: Optional[constr(regex=r'^\S(.*\S)?$')] = Field(
        None,
        alias='system-name-short',
        description=
        'A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.',
        title='System Name - Short',
    )
    description: str = Field(..., description='A summary of the system.', title='System Description')
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    date_authorized: Optional[DateAuthorized] = Field(None, alias='date-authorized')
    security_sensitivity_level: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        alias='security-sensitivity-level',
        description='The overall information system sensitivity categorization, such as defined by FIPS-199.',
        title='Security Sensitivity Level',
    )
    system_information: SystemInformation = Field(..., alias='system-information')
    security_impact_level: SecurityImpactLevel = Field(..., alias='security-impact-level')
    status: Status1
    authorization_boundary: AuthorizationBoundary = Field(..., alias='authorization-boundary')
    network_architecture: Optional[NetworkArchitecture] = Field(None, alias='network-architecture')
    data_flow: Optional[DataFlow] = Field(None, alias='data-flow')
    responsible_parties: Optional[List[common.ResponsibleParty]] = Field(None, alias='responsible-parties')
    remarks: Optional[common.Remarks] = None
Attributes¤
authorization_boundary: AuthorizationBoundary pydantic-field required ¤
data_flow: DataFlow pydantic-field ¤
date_authorized: DateAuthorized pydantic-field ¤
description: str pydantic-field required ¤

A summary of the system.

network_architecture: NetworkArchitecture pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
responsible_parties: List[trestle.oscal.common.ResponsibleParty] pydantic-field ¤
security_impact_level: SecurityImpactLevel pydantic-field required ¤
security_sensitivity_level: ConstrainedStrValue pydantic-field required ¤

The overall information system sensitivity categorization, such as defined by FIPS-199.

status: Status1 pydantic-field required ¤
system_ids: List[trestle.oscal.common.SystemId] pydantic-field required ¤
system_information: SystemInformation pydantic-field required ¤
system_name: ConstrainedStrValue pydantic-field required ¤

The full name of the system.

system_name_short: ConstrainedStrValue pydantic-field ¤

A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

SystemComponent (OscalBaseModel) pydantic-model ¤

A defined component that can be part of an implemented system.

Source code in trestle/oscal/ssp.py
class SystemComponent(OscalBaseModel):
    """
    A defined component that can be part of an implemented system.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Component Identifier',
    )
    type: constr(regex=r'^\S(.*\S)?$') = Field(
        ...,
        description='A category describing the purpose of the component.',
        title='Component Type',
    )
    title: str = Field(
        ...,
        description='A human readable name for the system component.',
        title='Component Title',
    )
    description: str = Field(
        ...,
        description='A description of the component, including information about its function.',
        title='Component Description',
    )
    purpose: Optional[str] = Field(
        None,
        description='A summary of the technological or business purpose of the component.',
        title='Purpose',
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    status: Status = Field(
        ...,
        description='Describes the operational status of the system component.',
        title='Status',
    )
    responsible_roles: Optional[List[common.ResponsibleRole]] = Field(None, alias='responsible-roles')
    protocols: Optional[List[common.Protocol]] = Field(None)
    remarks: Optional[common.Remarks] = None
Attributes¤
description: str pydantic-field required ¤

A description of the component, including information about its function.

props: List[trestle.oscal.common.Property] pydantic-field ¤
protocols: List[trestle.oscal.common.Protocol] pydantic-field ¤
purpose: str pydantic-field ¤

A summary of the technological or business purpose of the component.

remarks: Remarks pydantic-field ¤
responsible_roles: List[trestle.oscal.common.ResponsibleRole] pydantic-field ¤
status: Status pydantic-field required ¤

Describes the operational status of the system component.

title: str pydantic-field required ¤

A human readable name for the system component.

type: ConstrainedStrValue pydantic-field required ¤

A category describing the purpose of the component.

uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this component elsewhere in this or other OSCAL instances. The locally defined UUID of the component can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

SystemImplementation (OscalBaseModel) pydantic-model ¤

Provides information as to how the system is implemented.

Source code in trestle/oscal/ssp.py
class SystemImplementation(OscalBaseModel):
    """
    Provides information as to how the system is implemented.
    """

    class Config:
        extra = Extra.forbid

    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    leveraged_authorizations: Optional[List[LeveragedAuthorization]] = Field(None, alias='leveraged-authorizations')
    users: List[common.SystemUser] = Field(...)
    components: List[SystemComponent] = Field(...)
    inventory_items: Optional[List[common.InventoryItem]] = Field(None, alias='inventory-items')
    remarks: Optional[common.Remarks] = None
components: List[trestle.oscal.ssp.SystemComponent] pydantic-field required ¤
inventory_items: List[trestle.oscal.common.InventoryItem] pydantic-field ¤
leveraged_authorizations: List[trestle.oscal.ssp.LeveragedAuthorization] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
remarks: Remarks pydantic-field ¤
users: List[trestle.oscal.common.SystemUser] pydantic-field required ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

SystemInformation (OscalBaseModel) pydantic-model ¤

Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.

Source code in trestle/oscal/ssp.py
class SystemInformation(OscalBaseModel):
    """
    Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in NIST SP 800-60.
    """

    class Config:
        extra = Extra.forbid

    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    information_types: List[InformationType] = Field(..., alias='information-types')
information_types: List[trestle.oscal.ssp.InformationType] pydantic-field required ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

SystemSecurityPlan (OscalBaseModel) pydantic-model ¤

A system security plan, such as those described in NIST SP 800-18

Source code in trestle/oscal/ssp.py
class SystemSecurityPlan(OscalBaseModel):
    """
    A system security plan, such as those described in NIST SP 800-18
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='System Security Plan Universally Unique Identifier',
    )
    metadata: common.Metadata
    import_profile: ImportProfile = Field(..., alias='import-profile')
    system_characteristics: SystemCharacteristics = Field(..., alias='system-characteristics')
    system_implementation: SystemImplementation = Field(..., alias='system-implementation')
    control_implementation: ControlImplementation = Field(..., alias='control-implementation')
    back_matter: Optional[common.BackMatter] = Field(None, alias='back-matter')
Attributes¤
back_matter: BackMatter pydantic-field ¤
control_implementation: ControlImplementation pydantic-field required ¤
import_profile: ImportProfile pydantic-field required ¤
metadata: Metadata pydantic-field required ¤
system_characteristics: SystemCharacteristics pydantic-field required ¤
system_implementation: SystemImplementation pydantic-field required ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this system security plan (SSP) elsewhere in this or other OSCAL instances. The locally defined UUID of the SSP can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/ssp.py
class Config:
    extra = Extra.forbid

handler: python