diff --git a/.markdownlint.yaml b/.markdownlint.yaml
index 8660635..ca4c49a 100644
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -5,7 +5,7 @@
 # https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md
 # Enable all rules by default
-default: true
+default: false
 # Disable deprecated rules
 MD002: false
@@ -22,23 +22,13 @@ MD003:
 MD013:
 # 120 characters should be readable in the vast majority of terminals
- line_length: 120
- code_block_line_length: 120
+ line_length: 1120
+ code_block_line_length: 1120
 stern: true
 MD035:
 style: "---"
-MD044:
- names:
- # These names have the potential to occur with incorrect capitalization
- # within documentation; we want to ensure that they are always capitalized
- # correctly.
- - "OSCAL"
- - "NIST"
- - "Easy Dynamics"
- # In code, these names are allowed to occur with incorrect capitalization
- code_blocks: false
 MD046:
 # Using fenced (```) for code blocks more clearly delineates the code from
diff --git a/.yamllint.yaml b/.yamllint.yaml
index 8b77b23..0ecdef6 100644
--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@@ -4,6 +4,6 @@ extends: default
 rules:
 # 120 chars should be enough, but don't fail if a line is longer
 line-length:
- max: 120
+ max: 1120
 level: warning
 allow-non-breakable-words: true
diff --git a/OSCALRestOpenAPI.json b/OSCALRestOpenAPI.json
new file mode 100644
index 0000000..05ce7f1
--- /dev/null
+++ b/OSCALRestOpenAPI.json
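Review bot: In the first `.markdownlint.yaml` hunk the context comment `# Enable all rules by default` now sits directly above `default: false`, so the file documents the opposite of what it does. With `default: false` markdownlint only runs rules that are explicitly configured further down, so any rule the file does not name stops being checked and the `MD002: false` entry that follows is redundant. If that is intended, change the comment to `# Disable all rules by default; only the rules configured below run`; if it was only needed to get this commit through linting, keeping `default: true` and disabling the specific failing rules would keep the rest of the checks in force.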
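Review bot: The `MD013` limits in the second `.markdownlint.yaml` hunk go to `1120` while the comment above them still reads `# 120 characters should be readable in the vast majority of terminals`, and the `.yamllint.yaml` hunk has the same mismatch between `max: 1120` and `# 120 chars should be enough`. A limit of 1120 effectively disables the line-length check for every file in the repository, which looks like more than this commit needs; presumably it accommodates long lines in newly added content, in which case an ignore entry scoped to those paths would be narrower. The same markdownlint hunk also deletes the whole `MD044` proper-names block, and nothing in the visible diff explains why. Either restore `120` and scope the exception, or update both comments to state the new limit and the reason for it.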
@@ -0,0 +1,14606 @@ +{ + "openapi": "3.1.0", + "info": { + "title": "OSCAL REST", + "description": "This is an open-source REST API specification for exchanging [OSCAL](https://pages.nist.gov/OSCAL/) content between tools and organizations.\n\nThe _OSCAL REST OpenAPI Specification_ addresses OSCAL XML, JSON and YAML content for all seven OSCAL models. Each OSCAL model has a primary set of REST API methods and endpoints for the OSCAL content itself, as well as methods and endpoints for snapshots and attachments. OSCAL profiles also have methods and endpoints for live profile resolution and snapshots of resolved profiles.\n\nFor an overview and more information, visit [https://docs.oscal.io/docs/oscal-rest-openapi](https://docs.oscal.io/docs/oscal-rest-openapi)\n\n---\n\n**Known-Issue: OSCAL XML Representation**\n\nThere is a [known-issue](https://github.com/OAI/OpenAPI-Specification/issues/630) that prevents proper expression of OSCAL XML in OpenAPI.\n\nWhen the specification calls for OSCAL content to be accepted or returned, the content must be fully OSCAL valid. 
Even if the specification shows a non-compliant schema or example.", + "contact": { + "name" : "OSCAL Community", + "email": "oscal@oscal.io", + "url" : "https://docs.oscal.io/docs/oscal-rest-openapi" + }, + "license" : { + "name" : "Creative Commons Attribution Share Alike 4.0 International", + "url" : "https://github.com/EasyDynamics/oscal-rest/blob/develop/LICENSE" + }, + "version": "1.0.0" + }, + "externalDocs": { + "description": "Find out more about OSCAL", + "url": "https://pages.nist.gov/OSCAL" + }, + "servers": [ + { + "url": "http://localhost:8080/oscal/v1" + } + ], + "tags": [ + { + "name": "OSCAL Catalog", + "externalDocs": { + "description": "Find out more", + "url": "https://pages.nist.gov/OSCAL/concepts/layer/control/catalog/" + } + }, + { + "name": "OSCAL Profile", + "externalDocs": { + "description": "Find out more", + "url": "https://pages.nist.gov/OSCAL/concepts/layer/control/profile/" + } + }, + { + "name": "OSCAL System Security Plan", + "externalDocs": { + "description": "Find out more", + "url": "https://pages.nist.gov/OSCAL/concepts/layer/implementation/ssp/" + } + }, + { + "name": "OSCAL Component Definition", + "externalDocs": { + "description": "Find out more", + "url": "https://pages.nist.gov/OSCAL/concepts/layer/implementation/component-definition/" + } + }, + { + "name": "OSCAL Plan of Action and Milestones", + "externalDocs": { + "description": "Find out more", + "url": "https://pages.nist.gov/OSCAL/concepts/layer/assessment/poam/" + } + }, + { + "name": "OSCAL Assessment Plan", + "externalDocs": { + "description": "Find out more", + "url": "https://pages.nist.gov/OSCAL/concepts/layer/assessment/assessment-plan/" + } + }, + { + "name": "OSCAL Assessment Results", + "externalDocs": { + "description": "Find out more", + "url": "https://pages.nist.gov/OSCAL/concepts/layer/assessment/assessment-results/" + } + } + ], + "paths": { + "/assessment-plan": { + "get": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Returns a list of 
every relevant assessment plan.", + "description": "Returns a list of every relevant assessment plan.", + "operationId": "getAssessmentPlan", + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlansEntries" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Adds a new assessment plan.", + "description": "Adds a new assessment plan.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "postAssessmentPlan", + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlanEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALAssessmentPlan" + } + }, + "application/xml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALAssessmentPlanXML" + } + }, + 
"application/yaml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALAssessmentPlan" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + } + }, + "/assessment-plan/{assessmentPlanID}": { + "get": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Returns the assessment plan represented by the assessment plan ID.", + "description": "Returns the assessment plan represented by the assessment plan ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getAssessmentPlanById", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlan" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlanXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlan" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + 
"$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Replaces the assessment plan represented by the assessment plan ID.", + "description": "Replaces the assessment plan represented by the assessment plan ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "putAssessmentPlan", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALAssessmentPlan" + } + }, + "application/xml" : { + "schema" : { + 
"$ref" : "#/components/schemas/OSCALAssessmentPlanXML" + } + }, + "application/yaml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALAssessmentPlan" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Deletes the assessment plan represented by the assessment plan ID.", + "description": "Deletes the assessment plan represented by the assessment plan ID.", + "operationId": "deleteAssessmentPlan", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + } + }, + "/assessment-plan/{assessmentPlanID}/attachment": { + "get": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Returns a list of every relevant attachment.", + "description": "Returns a list of every relevant attachment.", + "operationId": 
"getAssessmentPlanAttachment", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachments" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Adds a new attachment and returns the UUID of the resource.", + "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. 
The UUID of the resource is returned.", + "operationId": "postAssessmentPlanAttachment", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachmentEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + } + }, + "/assessment-plan/{assessmentPlanID}/attachment/{resourceUUID}": { + "get": { + "tags": 
[ + "OSCAL Assessment Plan" + ], + "summary": "Returns the attachment represented by the back-matter resource UUID.", + "description": "Returns the attachment represented by the back-matter resource UUID.", + "operationId": "getAssessmentPlanAttachmentByUuid", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "A binary file in any type", + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "object", + "properties": { + "resource-uuid": { + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "name": { + "type": "string" + }, + "media-type": { + "type": "string" + }, + "attachment-binary": { + "type": "string", + "format": "binary" + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { 
+ "oscal_auth": [ + "read:assessmentPlan" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Replaces the attachment represented by the resource UUID.", + "description": "Replaces the attachment represented by the resource UUID.", + "operationId": "putAssessmentPlanAttachment", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Deletes the attachment and associated resource.", + "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", + "operationId": "deleteAssessmentPlanAttachment", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + } + }, + "/assessment-plan/{assessmentPlanID}/attachment/{resourceUUID}/resource": { + "get": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Retrieves the OSCAL back-matter / resource 
information.", + "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", + "operationId": "getAssessmentPlanAttachmentResourceBy", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResource" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Updates the content of the back-matter resource.", + "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", + 
"operationId": "putAssessmentPlanAttachmentResource", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResource" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + 
"read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + } + }, + "/assessment-plan/{assessmentPlanID}/snapshot": { + "get": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Returns a list of every relevant snapshot.", + "description": "Returns a list of every relevant snapshot.", + "operationId": "getAssessmentPlanSnapshot", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlansSnapshots" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Creates a snapshot of the file in its current state.", + "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "postAssessmentPlanSnapshot", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlansSnapshots" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + 
"401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + } + }, + "/assessment-plan/{assessmentPlanID}/snapshot/{snapshotID}": { + "get": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Returns the snapshot represented by the snapshot ID.", + "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getAssessmentPlanSnapshotById", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlan" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlanXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentPlan" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + 
"application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Modifies the snapshot description, types and labels.", + "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "putAssessmentPlanSnapshot", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + 
"$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Assessment Plan" + ], + "summary": "Deletes the snapshot represented by the snapshot ID.", + "description": "Deletes the snapshot represented by the snapshot ID.", + "operationId": "deleteAssessmentPlanSnapshot", + "parameters": [ + { + "name": "assessmentPlanID", + "in": "path", + "description": "ID of AssessmentPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + 
"description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentPlan", + "write:assessmentPlan" + ] + } + ] + } + }, + "/profile": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Returns a list of every relevant profile.", + "description": "Returns a list of every relevant profile.", + "operationId": "getProfile", + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALProfilesEntries" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Adds a new profile.", + "description": "Adds a new profile.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation 
_must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "postProfile", + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALProfileEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALProfile" + } + }, + "application/xml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALProfileXML" + } + 
}, + "application/yaml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALProfile" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + } + }, + "/profile/{profileID}": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Returns the profile represented by the profile ID.", + "description": "Returns the profile represented by the profile ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getProfileById", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALProfile" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALProfileXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALProfile" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": 
{ + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Replaces the profile represented by the profile ID.", + "description": "Replaces the profile represented by the profile ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "putProfile", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALProfile" + } + }, + "application/xml" : { + "schema" : { + "$ref" : 
"#/components/schemas/OSCALProfileXML" + } + }, + "application/yaml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALProfile" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Deletes the profile represented by the profile ID.", + "description": "Deletes the profile represented by the profile ID.", + "operationId": "deleteProfile", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + } + }, + "/profile/{profileID}/resolved-catalog": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Resolves the identified profile based on currently available sources and returns a resolved profile catalog.", + "description": "Resolves the identified profile based on currently available sources and returns a resolved profile catalog.\n\n When processing this request, 
the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getProfileResolvedCatalogBy", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALCatalog" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALCatalogXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALCatalog" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + 
"422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + } + }, + "/profile/{profileID}/attachment": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Returns a list of every relevant attachment.", + "description": "Returns a list of every relevant attachment.", + "operationId": "getProfileAttachment", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachments" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Adds a new attachment and returns the UUID of the resource.", + "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. 
The UUID of the resource is returned.", + "operationId": "postProfileAttachment", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachmentEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + } + }, + "/profile/{profileID}/attachment/{resourceUUID}": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Returns the 
attachment represented by the back-matter resource UUID.", + "description": "Returns the attachment represented by the back-matter resource UUID.", + "operationId": "getProfileAttachmentByUuid", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "A binary file in any type", + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "object", + "properties": { + "resource-uuid": { + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "name": { + "type": "string" + }, + "media-type": { + "type": "string" + }, + "attachment-binary": { + "type": "string", + "format": "binary" + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + }, + "put": { + "tags": [ + 
"OSCAL Profile" + ], + "summary": "Replaces the attachment represented by the resource UUID.", + "description": "Replaces the attachment represented by the resource UUID.", + "operationId": "putProfileAttachment", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + 
"read:profile", + "write:profile" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Deletes the attachment and associated resource.", + "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", + "operationId": "deleteProfileAttachment", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + } + }, + "/profile/{profileID}/attachment/{resourceUUID}/resource": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Retrieves the OSCAL back-matter / resource information.", + "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource 
assemblies.", + "operationId": "getProfileAttachmentResourceBy", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResource" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Updates the content of the back-matter resource.", + "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", + "operationId": "putProfileAttachmentResource", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, 
+ { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResource" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + } + }, + "/profile/{profileID}/snapshot": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Returns a list of every relevant snapshot.", + "description": "Returns a list of every relevant snapshot.", + 
"operationId": "getProfileSnapshot", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALProfilesSnapshots" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Creates a snapshot of the file in its current state.", + "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "postProfileSnapshot", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALProfilesSnapshots" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": 
"Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + } + }, + "/profile/{profileID}/snapshot/{snapshotID}": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Returns the snapshot represented by the snapshot ID.", + "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getProfileSnapshotById", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALProfile" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALProfileXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALProfile" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Modifies the snapshot description, types and labels.", + "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "putProfileSnapshot", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + 
"application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Deletes the snapshot represented by the snapshot ID.", + "description": "Deletes the snapshot represented by the snapshot ID.", + "operationId": "deleteProfileSnapshot", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + 
"required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + } + }, + "/profile/{profileID}/resolved-snapshot": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Returns a list of every relevant resolved profile catalog.", + "description": "Returns a list of every relevant resolved profile catalog.", + "operationId": "getProfileResolvedSnapshot", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResolvedSnapshotsSnapshots" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Resolves the profile and saves the result.", + "description": "Processes the profile and creates a snapshot as a resolved profile catalog. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property and a `snapshot-type` set to `resolved-profile` in the OSCAL document's `metadata` as follows:\n\n - **Resolved Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Resolved Snapshot Type** Property [**1 or more**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"resolved-profile\"`\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation implementation _may_ set a `snapshot-description` property, as well as `snapshot-label` and additional `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Resolved Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional resolved snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Resolved Snapshot Type** Property [**1 or more**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"resolved-profile\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "postProfileResolvedSnapshot", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResolvedSnapshotsSnapshots" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + } + }, + "/profile/{profileID}/resolved-snapshot/{resolvedSnapshotID}": { + "get": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Returns the resolved profile catalog represented by the resolved profile catalog ID.", + "description": "Returns the resolved profile catalog represented by the resolved profile catalog ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getProfileResolvedSnapshotById", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resolvedSnapshotID", + "in": "path", + "description": "ID of ResolvedSnapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALProfile" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALProfileXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALProfile" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + 
"schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Modifies the snapshot description, types and label.", + "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "putProfileResolvedSnapshot", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resolvedSnapshotID", + "in": "path", + "description": "ID of ResolvedSnapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + 
"description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Profile" + ], + "summary": "Deletes the resolved snapshot represented by the resolved snapshot ID.", + "description": "Deletes the resolved snapshot represented by the resolved snapshot ID.", + "operationId": "deleteProfileResolvedSnapshot", + "parameters": [ + { + "name": "profileID", + "in": "path", + "description": "ID of Profile", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + 
}, + { + "name": "resolvedSnapshotID", + "in": "path", + "description": "ID of ResolvedSnapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:profile", + "write:profile" + ] + } + ] + } + }, + "/assessment-results": { + "get": { + "tags": [ + "OSCAL Assessment Results" + ], + "summary": "Returns a list of every relevant assessment results.", + "description": "Returns a list of every relevant assessment results.", + "operationId": "getAssessmentResults", + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAssessmentResultsListEntries" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + 
"application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:assessmentResults" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Assessment Results" + ], + "summary": "Adds a new assessment results.", + "description": "Adds a new assessment results.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "operationId": "postAssessmentResults",
+ "responses": {
+ "201": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAssessmentResultsEntry"
+ }
+ }
+ }
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "required" : true,
+ "content" :
+ {
+ "application/json" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALAssessmentResults"
+ }
+ },
+ "application/xml" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALAssessmentResultsXML"
+ }
+ },
+ "application/yaml" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALAssessmentResults"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ }
+ },
+ "/assessment-results/{assessmentResultsID}": {
+ "get": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Returns the assessment results represented by the assessment results ID.",
+ "description": "Returns the assessment results represented by the assessment results ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "operationId": "getAssessmentResultsById",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAssessmentResults"
+ }
+ },
+ "application/xml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAssessmentResultsXML"
+ }
+ },
+ "application/yaml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAssessmentResults"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Replaces the assessment results represented by the assessment results ID.",
+ "description": "Replaces the assessment results represented by the assessment results ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats.
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "operationId": "putAssessmentResults",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "required" : true,
+ "content" :
+ {
+ "application/json" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALAssessmentResults"
+ }
+ },
+ "application/xml" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALAssessmentResultsXML"
+ }
+ },
+ "application/yaml" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALAssessmentResults"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ },
+ "delete": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Deletes the assessment results represented by the assessment results ID.",
+ "description": "Deletes the assessment results represented by the assessment results ID.",
+ "operationId": "deleteAssessmentResults",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ }
+ },
+ "/assessment-results/{assessmentResultsID}/attachment": {
+ "get": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Returns a list of every relevant attachment.",
+ "description": "Returns a list of every relevant attachment.",
+ "operationId": "getAssessmentResultsAttachment",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAttachments"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults"
+ ]
+ }
+ ]
+ },
+ "post": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Adds a new attachment and returns the UUID of the resource.",
+ "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.",
+ "operationId": "postAssessmentResultsAttachment",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "201": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAttachmentEntry"
+ }
+ }
+ }
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ }
+ },
+ "/assessment-results/{assessmentResultsID}/attachment/{resourceUUID}": {
+ "get": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Returns the attachment represented by the back-matter resource UUID.",
+ "description": "Returns the attachment represented by the back-matter resource UUID.",
+ "operationId": "getAssessmentResultsAttachmentByUuid",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "A binary file in any type",
+ "content": {
+ "multipart/form-data": {
+ "schema": {
+ "type": "object",
+ "properties": {
+ "file": {
+ "type": "object",
+ "properties": {
+ "resource-uuid": {
+ "type": "string",
+ "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ },
+ "name": {
+ "type": "string"
+ },
+ "media-type": {
+ "type": "string"
+ },
+ "attachment-binary": {
+ "type": "string",
+ "format": "binary"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Replaces the attachment represented by the resource UUID.",
+ "description": "Replaces the attachment represented by the resource UUID.",
+ "operationId": "putAssessmentResultsAttachment",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ },
+ "delete": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Deletes the attachment and associated resource.",
+ "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
+ "operationId": "deleteAssessmentResultsAttachment",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ }
+ },
+ "/assessment-results/{assessmentResultsID}/attachment/{resourceUUID}/resource": {
+ "get": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Retrieves the OSCAL back-matter / resource information.",
+ "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
+ "operationId": "getAssessmentResultsAttachmentResourceBy",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALResource"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Updates the content of the back-matter resource.",
+ "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
+ "operationId": "putAssessmentResultsAttachmentResource",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALResource"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ }
+ },
+ "/assessment-results/{assessmentResultsID}/snapshot": {
+ "get": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Returns a list of every relevant snapshot.",
+ "description": "Returns a list of every relevant snapshot.",
+ "operationId": "getAssessmentResultsSnapshot",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAssessmentResultsListSnapshots"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults"
+ ]
+ }
+ ]
+ },
+ "post": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Creates a snapshot of the file in its current state.",
+ "description": "Creates a snapshot of the file in its current state.
The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "operationId": "postAssessmentResultsSnapshot",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "201": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAssessmentResultsListSnapshots"
+ }
+ }
+ }
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSnapshotAttributes"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ }
+ },
+ "/assessment-results/{assessmentResultsID}/snapshot/{snapshotID}": {
+ "get": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Returns the snapshot represented by the snapshot ID.",
+ "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML.
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "operationId": "getAssessmentResultsSnapshotById",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "snapshotID",
+ "in": "path",
+ "description": "ID of Snapshot",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAssessmentResults"
+ }
+ },
+ "application/xml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAssessmentResultsXML"
+ }
+ },
+ "application/yaml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAssessmentResults"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Modifies the snapshot description, types and labels.",
+ "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "operationId": "putAssessmentResultsSnapshot",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "snapshotID",
+ "in": "path",
+ "description": "ID of Snapshot",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSnapshotAttributes"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ },
+ "delete": {
+ "tags": [
+ "OSCAL Assessment Results"
+ ],
+ "summary": "Deletes the snapshot represented by the snapshot ID.",
+ "description": "Deletes the snapshot represented by the snapshot ID.",
+ "operationId": "deleteAssessmentResultsSnapshot",
+ "parameters": [
+ {
+ "name": "assessmentResultsID",
+ "in": "path",
+ "description": "ID of AssessmentResults",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "snapshotID",
+ "in": "path",
+ "description": "ID of Snapshot",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:assessmentResults",
+ "write:assessmentResults"
+ ]
+ }
+ ]
+ }
+ },
+ "/catalog": {
+ "get": {
+ "tags": [
+ "OSCAL Catalog"
+ ],
+ "summary": "Returns a list of every relevant catalog.",
+ "description": "Returns a list of every relevant catalog.",
+ "operationId": "getCatalog",
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALCatalogsEntries"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:catalog"
+ ]
+ }
+ ]
+ },
+ "post": {
+ "tags": [
+ "OSCAL Catalog"
+ ],
+ "summary": "Adds a new catalog.",
+ "description": "Adds a new catalog.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats.
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "postCatalog", + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALCatalogEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALCatalog" + } + }, + "application/xml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALCatalogXML" + } + }, + "application/yaml" : { + "schema" 
: { + "$ref" : "#/components/schemas/OSCALCatalogPlan" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog", + "write:catalog" + ] + } + ] + } + }, + "/catalog/{catalogID}": { + "get": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Returns the catalog represented by the catalog ID.", + "description": "Returns the catalog represented by the catalog ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getCatalogById", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALCatalog" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALCatalogXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALCatalog" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + 
"schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Replaces the catalog represented by the catalog ID.", + "description": "Replaces the catalog represented by the catalog ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "putCatalog", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALCatalog" + } + }, + "application/xml" : { + "schema" : { + "$ref" : 
"#/components/schemas/OSCALCatalogXML" + } + }, + "application/yaml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALCatalog" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog", + "write:catalog" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Deletes the catalog represented by the catalog ID.", + "description": "Deletes the catalog represented by the catalog ID.", + "operationId": "deleteCatalog", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog", + "write:catalog" + ] + } + ] + } + }, + "/catalog/{catalogID}/attachment": { + "get": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Returns a list of every relevant attachment.", + "description": "Returns a list of every relevant attachment.", + "operationId": "getCatalogAttachment", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + 
"schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachments" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Adds a new attachment and returns the UUID of the resource.", + "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. 
The UUID of the resource is returned.", + "operationId": "postCatalogAttachment", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachmentEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog", + "write:catalog" + ] + } + ] + } + }, + "/catalog/{catalogID}/attachment/{resourceUUID}": { + "get": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Returns the 
attachment represented by the back-matter resource UUID.", + "description": "Returns the attachment represented by the back-matter resource UUID.", + "operationId": "getCatalogAttachmentByUuid", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "A binary file in any type", + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "object", + "properties": { + "resource-uuid": { + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "name": { + "type": "string" + }, + "media-type": { + "type": "string" + }, + "attachment-binary": { + "type": "string", + "format": "binary" + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog" + ] + } + ] + }, + "put": { + "tags": [ + 
"OSCAL Catalog" + ], + "summary": "Replaces the attachment represented by the resource UUID.", + "description": "Replaces the attachment represented by the resource UUID.", + "operationId": "putCatalogAttachment", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + 
"read:catalog", + "write:catalog" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Deletes the attachment and associated resource.", + "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", + "operationId": "deleteCatalogAttachment", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog", + "write:catalog" + ] + } + ] + } + }, + "/catalog/{catalogID}/attachment/{resourceUUID}/resource": { + "get": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Retrieves the OSCAL back-matter / resource information.", + "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource 
assemblies.", + "operationId": "getCatalogAttachmentResourceBy", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResource" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Updates the content of the back-matter resource.", + "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", + "operationId": "putCatalogAttachmentResource", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, 
+ { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResource" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog", + "write:catalog" + ] + } + ] + } + }, + "/catalog/{catalogID}/snapshot": { + "get": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Returns a list of every relevant snapshot.", + "description": "Returns a list of every relevant snapshot.", + 
"operationId": "getCatalogSnapshot", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALCatalogsSnapshots" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Creates a snapshot of the file in its current state.", + "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "postCatalogSnapshot", + "parameters": [ + { + "name": "catalogID", + "in": "path", + "description": "ID of Catalog", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALCatalogsSnapshots" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": 
"Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:catalog", + "write:catalog" + ] + } + ] + } + }, + "/catalog/{catalogID}/snapshot/{snapshotID}": { + "get": { + "tags": [ + "OSCAL Catalog" + ], + "summary": "Returns the snapshot represented by the snapshot ID.", + "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "operationId": "getCatalogSnapshotById",
+ "parameters": [
+ {
+ "name": "catalogID",
+ "in": "path",
+ "description": "ID of Catalog",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "snapshotID",
+ "in": "path",
+ "description": "ID of Snapshot",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALCatalog"
+ }
+ },
+ "application/xml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALCatalogXML"
+ }
+ },
+ "application/yaml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALCatalog"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref":
"#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:catalog"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL Catalog"
+ ],
+ "summary": "Modifies the snapshot description, types and labels.",
+ "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "operationId": "putCatalogSnapshot",
+ "parameters": [
+ {
+ "name": "catalogID",
+ "in": "path",
+ "description": "ID of Catalog",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "snapshotID",
+ "in": "path",
+ "description": "ID of Snapshot",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+
"application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSnapshotAttributes"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:catalog",
+ "write:catalog"
+ ]
+ }
+ ]
+ },
+ "delete": {
+ "tags": [
+ "OSCAL Catalog"
+ ],
+ "summary": "Deletes the snapshot represented by the snapshot ID.",
+ "description": "Deletes the snapshot represented by the snapshot ID.",
+ "operationId": "deleteCatalogSnapshot",
+ "parameters": [
+ {
+ "name": "catalogID",
+ "in": "path",
+ "description": "ID of Catalog",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "snapshotID",
+ "in": "path",
+ "description": "ID of Snapshot",
+
"required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:catalog",
+ "write:catalog"
+ ]
+ }
+ ]
+ }
+ },
+ "/system-security-plan": {
+ "get": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Returns a list of every relevant system security plan.",
+ "description": "Returns a list of every relevant system security plan.",
+ "operationId": "getSystemSecurityPlan",
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSystemSecurityPlansEntries"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+
}
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:systemSecurityPlan"
+ ]
+ }
+ ]
+ },
+ "post": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Adds a new system security plan.",
+ "description": "Adds a new system security plan.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "operationId": "postSystemSecurityPlan",
+ "responses": {
+ "201": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSystemSecurityPlanEntry"
+ }
+ }
+ }
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "required" : true,
+ "content" :
+ {
+ "application/json" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALSystemSecurityPlan"
+ }
+ },
+ "application/xml" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALSystemSecurityPlanXML"
+ }
+ },
+ "application/yaml" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALSystemSecurityPlan"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:systemSecurityPlan",
+ "write:systemSecurityPlan"
+ ]
+ }
+ ]
+ }
+ },
+ "/system-security-plan/{systemSecurityPlanID}": {
+ "get": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Returns the system security plan represented by the system security plan ID.",
+ "description": "Returns the system security plan represented by the system security plan ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML.
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "operationId": "getSystemSecurityPlanById",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSystemSecurityPlan"
+ }
+ },
+ "application/xml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSystemSecurityPlanXML"
+ }
+ },
+ "application/yaml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSystemSecurityPlan"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description":
"Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:systemSecurityPlan"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Replaces the system security plan represented by the system security plan ID.",
+ "description": "Replaces the system security plan represented by the system security plan ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n",
+ "operationId": "putSystemSecurityPlan",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+
"description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "required" : true,
+ "content" :
+ {
+ "application/json" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALSystemSecurityPlan"
+ }
+ },
+ "application/xml" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALSystemSecurityPlanXML"
+ }
+ },
+ "application/yaml" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/OSCALSystemSecurityPlan"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:systemSecurityPlan",
+ "write:systemSecurityPlan"
+ ]
+ }
+ ]
+ },
+ "delete": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Deletes the system security plan represented by the system security plan ID.",
+ "description": "Deletes the system security plan represented by the system security plan ID.",
+ "operationId": "deleteSystemSecurityPlan",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+
"$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:systemSecurityPlan",
+ "write:systemSecurityPlan"
+ ]
+ }
+ ]
+ }
+ },
+ "/system-security-plan/{systemSecurityPlanID}/attachment": {
+ "get": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Returns a list of every relevant attachment.",
+ "description": "Returns a list of every relevant attachment.",
+ "operationId": "getSystemSecurityPlanAttachment",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAttachments"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:attachment"
+ ]
+ }
+ ]
+ },
+ "post": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Adds a new attachment and returns the UUID of the resource.",
+ "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.",
+ "operationId": "postSystemSecurityPlanAttachment",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "201": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALAttachmentEntry"
+ }
+ }
+ }
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media
Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:attachment",
+ "write:attachment"
+ ]
+ }
+ ]
+ }
+ },
+ "/system-security-plan/{systemSecurityPlanID}/attachment/{resourceUUID}": {
+ "get": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Returns the attachment represented by the back-matter resource UUID.",
+ "description": "Returns the attachment represented by the back-matter resource UUID.",
+ "operationId": "getSystemSecurityPlanAttachmentByUuid",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "A binary file in any type",
+ "content": {
+ "multipart/form-data": {
+ "schema": {
+ "type": "object",
+ "properties": {
+ "file": {
+ "type": "object",
+ "properties": {
+ "resource-uuid": {
+ "type": "string",
+ "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ },
+ "name": {
+ "type": "string"
+ },
+ "media-type": {
+ "type": "string"
+ },
+ "attachment-binary": {
+ "type": "string",
+ "format": "binary"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+
}
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:attachment"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Replaces the attachment represented by the resource UUID.",
+ "description": "Replaces the attachment represented by the resource UUID.",
+ "operationId": "putSystemSecurityPlanAttachment",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+
"application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:attachment",
+ "write:attachment"
+ ]
+ }
+ ]
+ },
+ "delete": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Deletes the attachment and associated resource.",
+ "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
+ "operationId": "deleteSystemSecurityPlanAttachment",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+
"application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:attachment",
+ "write:attachment"
+ ]
+ }
+ ]
+ }
+ },
+ "/system-security-plan/{systemSecurityPlanID}/attachment/{resourceUUID}/resource": {
+ "get": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Retrieves the OSCAL back-matter / resource information.",
+ "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
+ "operationId": "getSystemSecurityPlanAttachmentResourceBy",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALResource"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:attachment"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Updates the content of the back-matter resource.",
+ "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
+ "operationId": "putSystemSecurityPlanAttachmentResource",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref":
"#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALResource"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:attachment",
+ "write:attachment"
+ ]
+ }
+ ]
+ }
+ },
+ "/system-security-plan/{systemSecurityPlanID}/snapshot": {
+ "get": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Returns a list of every relevant snapshot.",
+ "description": "Returns a list of every relevant snapshot.",
+ "operationId": "getSystemSecurityPlanSnapshot",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSystemSecurityPlansSnapshots"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+
"422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:snapshot"
+ ]
+ }
+ ]
+ },
+ "post": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Creates a snapshot of the file in its current state.",
+ "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property.
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "operationId": "postSystemSecurityPlanSnapshot",
+ "parameters": [
+ {
+ "name": "systemSecurityPlanID",
+ "in": "path",
+ "description": "ID of SystemSecurityPlan",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "201": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSystemSecurityPlansSnapshots"
+ }
+ }
+ }
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+
"$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSnapshotAttributes"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:snapshot",
+ "write:snapshot"
+ ]
+ }
+ ]
+ }
+ },
+ "/system-security-plan/{systemSecurityPlanID}/snapshot/{snapshotID}": {
+ "get": {
+ "tags": [
+ "OSCAL System Security Plan"
+ ],
+ "summary": "Returns the snapshot represented by the snapshot ID.",
+ "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML.
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getSystemSecurityPlanSnapshotById", + "parameters": [ + { + "name": "systemSecurityPlanID", + "in": "path", + "description": "ID of SystemSecurityPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSystemSecurityPlan" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALSystemSecurityPlanXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALSystemSecurityPlan" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + 
"content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:snapshot" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL System Security Plan" + ], + "summary": "Modifies the snapshot description, types and labels.", + "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "putSystemSecurityPlanSnapshot", + "parameters": [ + { + "name": "systemSecurityPlanID", + "in": "path", + "description": "ID of SystemSecurityPlan", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": 
{ + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:snapshot", + "write:snapshot" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL System Security Plan" + ], + "summary": "Deletes the snapshot represented by the snapshot ID.", + "description": "Deletes the snapshot represented by the snapshot ID.", + "operationId": "deleteSystemSecurityPlanSnapshot", + "parameters": [ + { + "name": "systemSecurityPlanID", + "in": "path", + "description": "ID of SystemSecurityPlan", + "required": 
true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:snapshot", + "write:snapshot" + ] + } + ] + } + }, + "/plan-of-action-and-milestones": { + "get": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Returns a list of every relevant plan of action and milestones.", + "description": "Returns a list of every relevant plan of action and milestones.", + "operationId": "getPlanOfActionAndMilestones", + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesListEntries" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Adds a new plan of action and milestones.", + "description": "Adds a new plan of action and milestones.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "postPlanOfActionAndMilestones", + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestones" + } + }, + "application/xml" : { + "schema" : { + "$ref" : 
"#/components/schemas/OSCALPlanOfActionAndMilestonesXML" + } + }, + "application/yaml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestones" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + } + }, + "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}": { + "get": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Returns the plan of action and milestones represented by the plan of action and milestones ID.", + "description": "Returns the plan of action and milestones represented by the plan of action and milestones ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getPlanOfActionAndMilestonesById", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestones" + } + }, + "application/xml": { + "schema": { + "$ref": 
"#/components/schemas/OSCALPlanOfActionAndMilestonesXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestones" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Replaces the plan of action and milestones represented by the plan of action and milestones ID.", + "description": "Replaces the plan of action and milestones represented by the plan of action and milestones ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "putPlanOfActionAndMilestones", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestones" + } + }, 
+ "application/xml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestonesXML" + } + }, + "application/yaml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestones" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Deletes the plan of action and milestones represented by the plan of action and milestones ID.", + "description": "Deletes the plan of action and milestones represented by the plan of action and milestones ID.", + "operationId": "deletePlanOfActionAndMilestones", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + } + }, + 
"/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/attachment": { + "get": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Returns a list of every relevant attachment.", + "description": "Returns a list of every relevant attachment.", + "operationId": "getPlanOfActionAndMilestonesAttachment", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachments" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Adds a new attachment and returns the UUID of the resource.", + "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. 
The UUID of the resource is returned.", + "operationId": "postPlanOfActionAndMilestonesAttachment", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachmentEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + } + }, + 
"/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/attachment/{resourceUUID}": { + "get": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Returns the attachment represented by the back-matter resource UUID.", + "description": "Returns the attachment represented by the back-matter resource UUID.", + "operationId": "getPlanOfActionAndMilestonesAttachmentByUuid", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "A binary file in any type", + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "object", + "properties": { + "resource-uuid": { + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "name": { + "type": "string" + }, + "media-type": { + "type": "string" + }, + "attachment-binary": { + "type": "string", + "format": "binary" + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": 
"Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Replaces the attachment represented by the resource UUID.", + "description": "Replaces the attachment represented by the resource UUID.", + "operationId": "putPlanOfActionAndMilestonesAttachment", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + 
"content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Deletes the attachment and associated resource.", + "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", + "operationId": "deletePlanOfActionAndMilestonesAttachment", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + 
"security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + } + }, + "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/attachment/{resourceUUID}/resource": { + "get": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Retrieves the OSCAL back-matter / resource information.", + "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", + "operationId": "getPlanOfActionAndMilestonesAttachmentResourceBy", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResource" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } 
+ }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Updates the content of the back-matter resource.", + "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", + "operationId": "putPlanOfActionAndMilestonesAttachmentResource", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "resourceUUID", + "in": "path", + "description": "UUID of Back Matter Resource", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + 
"$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALResource" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + } + }, + "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/snapshot": { + "get": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Returns a list of every relevant snapshot.", + "description": "Returns a list of every relevant snapshot.", + "operationId": "getPlanOfActionAndMilestonesSnapshot", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesListSnapshots" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + 
"application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Creates a snapshot of the file in its current state.", + "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "postPlanOfActionAndMilestonesSnapshot", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesListSnapshots" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + 
"application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + } + }, + "/plan-of-action-and-milestones/{planOfActionAndMilestonesID}/snapshot/{snapshotID}": { + "get": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Returns the snapshot represented by the snapshot ID.", + "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getPlanOfActionAndMilestonesSnapshotById", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestones" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestones" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, 
+ "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Modifies the snapshot description, types and labels.", + "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", + "operationId": "putPlanOfActionAndMilestonesSnapshot", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + 
"application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALSnapshotAttributes" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Plan of Action and Milestones" + ], + "summary": "Deletes the snapshot represented by the snapshot ID.", + "description": "Deletes the snapshot represented by the snapshot ID.", + "operationId": "deletePlanOfActionAndMilestonesSnapshot", + "parameters": [ + { + "name": "planOfActionAndMilestonesID", + "in": "path", + "description": "ID of PlanOfActionAndMilestones", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + }, + { + "name": "snapshotID", + "in": "path", + "description": "ID of Snapshot", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": 
{ + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:planOfActionAndMilestones", + "write:planOfActionAndMilestones" + ] + } + ] + } + }, + "/component-definition": { + "get": { + "tags": [ + "OSCAL Component Definition" + ], + "summary": "Returns a list of every relevant component definition.", + "description": "Returns a list of every relevant component definition.", + "operationId": "getComponentDefinition", + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALComponentDefinitionsEntries" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:componentDefinition" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Component Definition" + ], + "summary": "Adds a new component definition.", + "description": "Adds a new component definition.\n\n The client must include the `Content-type` HTML header and set it to 
one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "postComponentDefinition", + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALComponentDefinitionEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + 
} + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALComponentDefinition" + } + }, + "application/xml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALComponentDefinitionXML" + } + }, + "application/yaml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALComponentDefinition" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:componentDefinition", + "write:componentDefinition" + ] + } + ] + } + }, + "/component-definition/{componentDefinitionID}": { + "get": { + "tags": [ + "OSCAL Component Definition" + ], + "summary": "Returns the component definition represented by the component definition ID.", + "description": "Returns the component definition represented by the component definition ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", + "operationId": "getComponentDefinitionById", + "parameters": [ + { + "name": "componentDefinitionID", + "in": "path", + "description": "ID of ComponentDefinition", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/OSCALComponentDefinition" + } + }, + "application/xml": { + "schema": { + "$ref": "#/components/schemas/OSCALComponentDefinitionXML" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/OSCALComponentDefinition" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:componentDefinition" + ] + } + ] + }, + "put": { + "tags": [ + "OSCAL Component Definition" + ], + "summary": "Replaces the component definition represented by the component definition ID.", + "description": "Replaces the component definition represented by the component definition ID.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", + "operationId": "putComponentDefinition", + "parameters": [ + { + "name": "componentDefinitionID", + "in": "path", + "description": "ID of ComponentDefinition", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "requestBody": { + "required" : true, + "content" : + { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALComponentDefinition" + } + }, + "application/xml" : { 
+ "schema" : { + "$ref" : "#/components/schemas/OSCALComponentDefinitionXML" + } + }, + "application/yaml" : { + "schema" : { + "$ref" : "#/components/schemas/OSCALComponentDefinition" + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:componentDefinition", + "write:componentDefinition" + ] + } + ] + }, + "delete": { + "tags": [ + "OSCAL Component Definition" + ], + "summary": "Deletes the component definition represented by the component definition ID.", + "description": "Deletes the component definition represented by the component definition ID.", + "operationId": "deleteComponentDefinition", + "parameters": [ + { + "name": "componentDefinitionID", + "in": "path", + "description": "ID of ComponentDefinition", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "204": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:componentDefinition", + "write:componentDefinition" + ] + } + ] + } + }, + "/component-definition/{componentDefinitionID}/attachment": { + "get": { + "tags": [ + "OSCAL Component Definition" + ], + "summary": "Returns a list of every relevant 
attachment.", + "description": "Returns a list of every relevant attachment.", + "operationId": "getComponentDefinitionAttachment", + "parameters": [ + { + "name": "componentDefinitionID", + "in": "path", + "description": "ID of ComponentDefinition", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachments" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:componentDefinition" + ] + } + ] + }, + "post": { + "tags": [ + "OSCAL Component Definition" + ], + "summary": "Adds a new attachment and returns the UUID of the resource.", + "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. 
The UUID of the resource is returned.", + "operationId": "postComponentDefinitionAttachment", + "parameters": [ + { + "name": "componentDefinitionID", + "in": "path", + "description": "ID of ComponentDefinition", + "required": true, + "schema": { + "$ref": "#/components/schemas/DocId" + } + } + ], + "responses": { + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALAttachmentEntry" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "409": { + "description": "Conflit", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "410": { + "description": "Gone", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "415": { + "description": "Unsupported Media Type", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + }, + "422": { + "description": "Unprocessable Content", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OSCALErrorMessage" + } + } + } + } + }, + "security": [ + { + "oscal_auth": [ + "read:componentDefinition", + "write:componentDefinition" + ] + } + ] + } + }, + 
"/component-definition/{componentDefinitionID}/attachment/{resourceUUID}": {
+ "get": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Returns the attachment represented by the back-matter resource UUID.",
+ "description": "Returns the attachment represented by the back-matter resource UUID.",
+ "operationId": "getComponentDefinitionAttachmentByUuid",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "A binary file in any type",
+ "content": {
+ "multipart/form-data": {
+ "schema": {
+ "type": "object",
+ "properties": {
+ "file": {
+ "type": "object",
+ "properties": {
+ "resource-uuid": {
+ "type": "string",
+ "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ },
+ "name": {
+ "type": "string"
+ },
+ "media-type": {
+ "type": "string"
+ },
+ "attachment-binary": {
+ "type": "string",
+ "format": "binary"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Replaces the attachment represented by the resource UUID.",
+ "description": "Replaces the attachment represented by the resource UUID.",
+ "operationId": "putComponentDefinitionAttachment",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition",
+ "write:componentDefinition"
+ ]
+ }
+ ]
+ },
+ "delete": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Deletes the attachment and associated resource.",
+ "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.",
+ "operationId": "deleteComponentDefinitionAttachment",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition",
+ "write:componentDefinition"
+ ]
+ }
+ ]
+ }
+ },
+ "/component-definition/{componentDefinitionID}/attachment/{resourceUUID}/resource": {
+ "get": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Retrieves the OSCAL back-matter / resource information.",
+ "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
+ "operationId": "getComponentDefinitionAttachmentResourceBy",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALResource"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Updates the content of the back-matter resource.",
+ "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.",
+ "operationId": "putComponentDefinitionAttachmentResource",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "resourceUUID",
+ "in": "path",
+ "description": "UUID of Back Matter Resource",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALResource"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition",
+ "write:componentDefinition"
+ ]
+ }
+ ]
+ }
+ },
+ "/component-definition/{componentDefinitionID}/snapshot": {
+ "get": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Returns a list of every relevant snapshot.",
+ "description": "Returns a list of every relevant snapshot.",
+ "operationId": "getComponentDefinitionSnapshot",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALComponentDefinitionsSnapshots"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition"
+ ]
+ }
+ ]
+ },
+ "post": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Creates a snapshot of the file in its current state.",
+ "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "operationId": "postComponentDefinitionSnapshot",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ }
+ ],
+ "responses": {
+ "201": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALComponentDefinitionsSnapshots"
+ }
+ }
+ }
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSnapshotAttributes"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition",
+ "write:componentDefinition"
+ ]
+ }
+ ]
+ }
+ },
+ "/component-definition/{componentDefinitionID}/snapshot/{snapshotID}": {
+ "get": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Returns the snapshot represented by the snapshot ID.",
+ "description": "Returns the snapshot represented by the snapshot ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n",
+ "operationId": "getComponentDefinitionSnapshotById",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "snapshotID",
+ "in": "path",
+ "description": "ID of Snapshot",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successful operation",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALComponentDefinition"
+ }
+ },
+ "application/xml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALComponentDefinitionXML"
+ }
+ },
+ "application/yaml": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALComponentDefinition"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition"
+ ]
+ }
+ ]
+ },
+ "put": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Modifies the snapshot description, types and labels.",
+ "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n",
+ "operationId": "putComponentDefinitionSnapshot",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "snapshotID",
+ "in": "path",
+ "description": "ID of Snapshot",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "415": {
+ "description": "Unsupported Media Type",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "422": {
+ "description": "Unprocessable Content",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALSnapshotAttributes"
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition",
+ "write:componentDefinition"
+ ]
+ }
+ ]
+ },
+ "delete": {
+ "tags": [
+ "OSCAL Component Definition"
+ ],
+ "summary": "Deletes the snapshot represented by the snapshot ID.",
+ "description": "Deletes the snapshot represented by the snapshot ID.",
+ "operationId": "deleteComponentDefinitionSnapshot",
+ "parameters": [
+ {
+ "name": "componentDefinitionID",
+ "in": "path",
+ "description": "ID of ComponentDefinition",
+ "required": true,
+ "schema": {
+ "$ref": "#/components/schemas/DocId"
+ }
+ },
+ {
+ "name": "snapshotID",
+ "in": "path",
+ "description": "ID of Snapshot",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "Successful operation"
+ },
+ "401": {
+ "description": "Unauthorized",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Forbidden",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Not Found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "409": {
+ "description": "Conflit",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ },
+ "410": {
+ "description": "Gone",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/OSCALErrorMessage"
+ }
+ }
+ }
+ }
+ },
+ "security": [
+ {
+ "oscal_auth": [
+ "read:componentDefinition",
+ "write:componentDefinition"
+ ]
+ }
+ ]
+ }
+ }
+ },
+ "components": {
+ "schemas": {
+ "OSCALCatalog": {
+ "type": "object",
+ "properties": {
+ "catalog": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog"
+ }
+ }
+ },
+ "OSCALCatalogXML": {
+ "type": "object",
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog",
+ "xml": {
+ "name": "catalog"
+ }
+ },
+ "OSCALProfile": {
+ "type": "object",
+ "properties": {
+ "profile": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_profile_schema.json#/definitions/assembly_oscal-profile_profile"
+ }
+ }
+ },
+ "OSCALProfileXML": {
+ "type": "object",
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_profile_schema.json#/definitions/assembly_oscal-profile_profile",
+ "xml": {
+ "name": "profile"
+ }
+ },
+ "OSCALComponentDefinition": {
+ "type": "object",
+ "properties": {
+ "component-definition": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_component_schema.json#/definitions/assembly_oscal-component-definition_component-definition"
+ }
+ }
+ },
+ "OSCALComponentDefinitionXML": {
+ "type": "object",
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_component_schema.json#/definitions/assembly_oscal-component-definition_component-definition",
+ "xml": {
+ "name": "component-definition"
+ }
+ },
+ "OSCALSystemSecurityPlan": {
+ "type": "object",
+ "properties": {
+ "system-security-plan": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_ssp_schema.json#/definitions/assembly_oscal-ssp_system-security-plan"
+ }
+ }
+ },
+ "OSCALSystemSecurityPlanXML": {
+ "type": "object",
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_ssp_schema.json#/definitions/assembly_oscal-ssp_system-security-plan",
+ "xml": {
+ "name": "system-security-plan"
+ }
+ },
+ "OSCALPlanOfActionAndMilestones": {
+ "type": "object",
+ "properties": {
+ "plan-of-action-and-milestones": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_poam_schema.json#/definitions/assembly_oscal-poam_plan-of-action-and-milestones"
+ }
+ }
+ },
+ "OSCALPlanOfActionAndMilestonesXML": {
+ "type": "object",
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_poam_schema.json#/definitions/assembly_oscal-poam_plan-of-action-and-milestones",
+ "xml": {
+ "name": "plan-of-action-and-milestones"
+ }
+ },
+ "OSCALAssessmentPlan": {
+ "type": "object",
+ "properties": {
+ "assessment-plan": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-plan_schema.json#/definitions/assembly_oscal-ap_assessment-plan"
+ }
+ }
+ },
+ "OSCALAssessmentPlanXML": {
+ "type": "object",
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-plan_schema.json#/definitions/assembly_oscal-ap_assessment-plan",
+ "xml": {
+ "name": "assessment-plan"
+ }
+ },
+ "OSCALErrorMessage": {
+ "type": "object",
+ "properties": {
+ "message": {
+ "type": "string"
+ },
+ "code": {
+ "type": "string"
+ }
+ }
+ },
+ "OSCALAssessmentResults": {
+ "type": "object",
+ "properties": {
+ "assessment-results": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-results_schema.json#/definitions/assembly_oscal-ar_assessment-results"
+ }
+ }
+ },
+ "OSCALAssessmentResultsXML": {
+ "type": "object",
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-results_schema.json#/definitions/assembly_oscal-ar_assessment-results",
+ "xml": {
+ "name": "assessment-results"
+ }
+ },
+ "OSCALAttachmentEntry": {
+ "$ref": "#/components/schemas/OSCALResource"
+ },
+ "OSCALAttachmentEntryXML": {
+ "$ref": "#/components/schemas/OSCALResourceXML"
+ },
+ "OSCALAttachments": {
+ "type": "object",
+ "properties": {
+ "attachment-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALAttachmentNoBase64"
+ }
+ }
+ }
+ },
+ "OSCALProfileEntry": {
+ "type": "object",
+ "properties": {
+ "profile-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALProfileEntryXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ },
+ "xml": {
+ "name": "profile-list"
+ }
+ },
+ "OSCALCatalogEntry": {
+ "type": "object",
+ "properties": {
+ "catalog-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALCatalogEntryXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ },
+ "xml": {
+ "name": "catalog-list"
+ }
+ },
+ "OSCALSystemSecurityPlanEntry": {
+ "type": "object",
+ "properties": {
+ "system-security-plan-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALSystemSecurityPlanEntryXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ },
+ "xml": {
+ "name": "system-security-plan-list"
+ }
+ },
+ "OSCALComponentDefinitionEntry": {
+ "type": "object",
+ "properties": {
+ "component-definition-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALComponentDefinitionEntryXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ },
+ "xml": {
+ "name": "component-definition-list"
+ }
+ },
+ "OSCALAssessmentPlanEntry": {
+ "type": "object",
+ "properties": {
+ "assessment-plan-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALAssessmentPlanEntryXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ },
+ "xml": {
+ "name": "assessment-plan-list"
+ }
+ },
+ "OSCALAssessmentResultsEntry": {
+ "type": "object",
+ "properties": {
+ "assessment-results-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALAssessmentResultsEntryXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ },
+ "xml": {
+ "name": "assessment-results-list"
+ }
+ },
+ "OSCALPlanOfActionAndMilestonesEntry": {
+ "type": "object",
+ "properties": {
+ "plan-of-action-and-milestones-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALPlanOfActionAndMilestonesEntryXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ },
+ "xml": {
+ "name": "plan-of-action-and-milestones-list"
+ }
+ },
+ "OSCALProfilesEntries": {
+ "type": "object",
+ "properties": {
+ "profile-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALComponentDefinitionsEntries": {
+ "type": "object",
+ "properties": {
+ "component-definition-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALPlanOfActionAndMilestonesListEntries": {
+ "type": "object",
+ "properties": {
+ "plan-of-action-and-milestones-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALAssessmentResultsListEntries": {
+ "type": "object",
+ "properties": {
+ "assessment-results-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALAssessmentPlansEntries": {
+ "type": "object",
+ "properties": {
+ "assessment-plan-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALSystemSecurityPlansEntries": {
+ "type": "object",
+ "properties": {
+ "system-security-plan-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALCatalogsEntries": {
+ "type": "object",
+ "properties": {
+ "catalog-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelEntry"
+ }
+ }
+ }
+ },
+ "OSCALResolvedSnapshotsSnapshots": {
+ "type": "object",
+ "properties": {
+ "resolved-snapshot-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ }
+ }
+ }
+ },
+ "OSCALResolvedSnapshotsSnapshotsXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ },
+ "xml": {
+ "name": "resolved-snapshot-list"
+ }
+ },
+ "OSCALCatalogsSnapshots": {
+ "type": "object",
+ "properties": {
+ "catalog-snapshot-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ }
+ }
+ }
+ },
+ "OSCALCatalogsSnapshotsXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ },
+ "xml": {
+ "name": "catalog-snapshot-list"
+ }
+ },
+ "OSCALCatalogSnapshot": {
+ "type": "object",
+ "properties": {
+ "catalog-snapshot": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ }
+ }
+ },
+ "OSCALProfilesSnapshots": {
+ "type": "object",
+ "properties": {
+ "profile-snapshot-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ }
+ }
+ }
+ },
+ "OSCALProfilesSnapshotsXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ },
+ "xml": {
+ "name": "profile-snapshot-list"
+ }
+ },
+ "OSCALProfileSnapshot": {
+ "type": "object",
+ "properties": {
+ "profile-snapshot": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ }
+ }
+ },
+ "OSCALSystemSecurityPlansSnapshots": {
+ "type": "object",
+ "properties": {
+ "system-security-plan-snapshot-list": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ }
+ }
+ }
+ },
+ "OSCALSystemSecurityPlansSnapshotsXML": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALModelSnapshotEntry"
+ },
+ "xml": {
+ "name": "system-security-plan-snapshot-list"
+ }
+ },
+ "OSCALAttachmentNoBase64": {
+ "type": "object",
+ "properties": {
+ "resource-uuid": {
+ "type": "string",
+ "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ },
+ "file-name": {
+ "type": "string"
+ },
+ "media-type": {
+ "type": "string"
+ },
+ "title": {
+ "type": "string"
+ },
+ "published": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published"
+ },
+ "remarks": {
+ "type": "string"
+ }
+ }
+ },
+ "OSCALResource": {
+ "type": "object",
+ "properties": {
+ "resource": {
+ "properties": {
+ "uuid": {
+ "type": "string",
+ "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ },
+ "title": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "document-ids": {
+ "type": "array",
+ "items": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id"
+ }
+ },
+ "citation": {
+ "$ref": "#/components/schemas/OSCALCitation"
+ },
+ "rlinks": {
+ "$ref": "#/components/schemas/OSCALRLinks"
+ },
+ "base64": {
+ "$ref": "#/components/schemas/OSCALBase64"
+ },
+ "remarks": {
+ "$ref": "#/components/schemas/OSCALRemarks"
+ }
+ }
+ }
+ }
+ },
+ "OSCALResourceXML": {
+ "type": "object",
+ "properties": {
+ "uuid": {
+ "type": "string",
+ "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
+ },
+ "title": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "document-ids": {
+ "type": "array",
+ "items": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id"
+ }
+ },
+ "citation": {
+ "$ref": "#/components/schemas/OSCALCitation"
+ },
+ "rlinks": {
+ "$ref": "#/components/schemas/OSCALRLinks"
+ },
+ "base64": {
+ "$ref": "#/components/schemas/OSCALBase64"
+ },
+ "remarks": {
+ "$ref": "#/components/schemas/OSCALRemarks"
+ }
+ },
+ "xml": {
+ "name": "resource"
+ }
+ },
+ "OSCALCitation": {
+ "type": "object",
+ "properties": {
+ "text": {
+ "type": "string"
+ },
+ "props": {
+ "$ref": "#/components/schemas/OSCALProps"
+ },
+ "links": {
+ "$ref": "#/components/schemas/OSCALLinks"
+ }
+ }
+ },
+ "OSCALLink": {
+ "type": "object",
+ "properties": {
+ "link": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-metadata_link"
+ }
+ }
+ },
+ "OSCALLinks": {
+ "type": "object",
+ "properties": {
+ "links": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALLink"
+ }
+ }
+ }
+ },
+ "OSCALProp": {
+ "type": "object",
+ "properties": {
+ "prop": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-metadata_property"
+ }
+ }
+ },
+ "OSCALProps": {
+ "type": "object",
+ "properties": {
+ "props": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALProp"
+ }
+ }
+ }
+ },
+ "OSCALRLinks": {
+ "type": "object",
+ "properties": {
+ "rlinks": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALRLink"
+ }
+ }
+ }
+ },
+ "OSCALRLink": {
+ "type": "object",
+ "properties": {
+ "href": {
+ "type": "string",
+ "format": "uri-reference"
+ },
+ "media-type": {
+ "type": "string",
+ "pattern": "^\\S(.*\\S)?$"
+ },
+ "hashes": {
+ "$ref": "#/components/schemas/OSCALHashes"
+ }
+ }
+ },
+ "OSCALHash": {
+ "type": "object",
+ "properties": {
+ "hash": {
+ "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_hash"
+ }
+ }
+ },
+ "OSCALHashes": {
+ "type": "object",
+ "properties": {
+ "hashes": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/OSCALHash"
+ }
+ }
+ }
+ },
+ "OSCALBase64": { + "type": "object", + "properties": { + "filename": { + "type": "string", + "format": "uri-reference" + }, + "media-type": { + "type": "string", + "pattern": "^\\S(.*\\S)?$" + }, + "value": { + "type": "string" + } + } + }, + "OSCALRemarks": { + "type": "object", + "properties": { + "remarks": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks" + } + } + }, + "OSCALAttachment": { + "$ref": "#/components/schemas/OSCALResource" + }, + "OSCALAttachment64": { + "type": "object", + "properties": { + "file": { + "properties": { + "resource-uuid": { + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "name": { + "type": "string" + }, + "media-type": { + "type": "string" + }, + "attachment-binary": { + "type": "string", + "format": "binary" + } + } + } + } + }, + "OSCALModelSnapshotEntry": { + "type": "object", + "properties": { + "file-id": { + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "title": { + "type": "string" + }, + "published": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" + }, + "last-modified": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_last-modified" + }, + "version": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_version" + }, + "oscal-version": { + "$ref": 
"https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_oscal-version" + }, + "document-ids": { + "type": "array", + "items": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" + } + }, + "markings": { + "type": "array", + "items": { + "type": "string" + } + }, + "status": { + "type": "string" + }, + "remarks": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks" + }, + "snapshot": { + "type": "object", + "ref$" : "#components/schemas/OSCALSnapshotAttributes" + } + } + }, + "OSCALSnapshotAttributes": { + "type": "object", + "properties": { + "snapshot": { + "type": "object", + "properties": { + "created": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" + }, + "description": { + "type": "string" + }, + "labels": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Token" + } + }, + "types": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Token" + } + } + } + } + } + }, + + "OSCALModelEntry": { + "type": "object", + "properties": { + "file-id": { + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "title": { + "type": "string" + }, + "published": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" + }, + "last-modified": { + "$ref": 
"https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_last-modified" + }, + "version": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_version" + }, + "oscal-version": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_oscal-version" + }, + "document-ids": { + "type": "array", + "items": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" + } + }, + "markings": { + "type": "array", + "items": { + "type": "string" + } + }, + "remarks": { + "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks" + } + } + }, + "OSCALSystemSecurityPlanSnapshot": { + "type": "object", + "properties": { + "system-security-plan-snapshot": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + } + } + }, + "OSCALAssessmentPlansSnapshots": { + "type": "object", + "properties": { + "assessment-plan-snapshot-list": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + } + } + } + }, + "OSCALAssessmentPlanSnapshot": { + "type": "object", + "properties": { + "assessment-snapshot": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + } + } + }, + "OSCALAssessmentPlansSnapshotsXML": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + }, + "xml": { + "name": "assessment-plan-snapshot-list" + } + }, + "OSCALComponentDefinitionsSnapshots": { + "type": "object", + "properties": { + "component-definition-snapshot-list": { + "type": "array", + "items": { + "$ref": 
"#/components/schemas/OSCALModelSnapshotEntry" + } + } + } + }, + "OSCALComponentDefinitionsSnapshotsXML": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + }, + "xml": { + "name": "component-definition-snapshot-list" + } + }, + "OSCALComponentDefinitionSnapshot": { + "type": "object", + "properties": { + "component-definition-snapshot": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + } + } + }, + "OSCALAssessmentResultsListSnapshots": { + "type": "object", + "properties": { + "assessment-results-snapshot-list": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + } + } + } + }, + "OSCALAssessmentResultsListSnapshotsXML": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + }, + "xml": { + "name": "assessment-results-snapshot-list" + } + }, + "OSCALAssessmentResultsSnapshot": { + "type": "object", + "properties": { + "assessment-results-snapshot": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + } + } + }, + "OSCALPlanOfActionAndMilestonesListSnapshots": { + "type": "object", + "properties": { + "plan-of-action-and-milestones-list": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + } + } + } + }, + "OSCALPlanOfActionAndMilestonesListSnapshotsXML": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + }, + "xml": { + "name": "plan-of-action-and-milestones-list" + } + }, + "OSCALPlanOfActionAndMilestonesSnapshot": { + "type": "object", + "properties": { + "plan-of-action-and-milestones-snapshot": { + "$ref": "#/components/schemas/OSCALModelSnapshotEntry" + } + } + }, + "Token": { + "type": "string", + "minLength": 1, + "maxLength": 72, + "pattern": "^(\\p{Ll}|_)(\\p{L}|\\p{N}|[.\\-_])*$" + }, + "DocId": { + "type": "string", + "minLength": 1, + "maxLength": 72, + "pattern": "^(\\p{Ll}|_)(\\p{L}|\\p{N}|[.\\-_])*$" + } + }, + 
"securitySchemes": { + "oscal_auth": { + "type": "oauth2", + "flows": { + "implicit": { + "authorizationUrl": "https://localhost/oauth/dialog", + "scopes": { + "write:catalog": "modify catalogs in your account", + "read:catalog": "read your catalogs", + "write:profile": "modify profiles in your account", + "read:profile": "read your profiles", + "write:componentDefinition": "modify component definitions in your account", + "read:componentDefinition": "read your component definitions", + "write:systemSecurityPlan": "modify system security plans in your account", + "read:systemSecurityPlan": "read your system security plans", + "write:party": "modify parties in your account", + "read:party": "read your parties", + "write:poam": "modify poams in your account", + "read:poam": "read your poams", + "write:assessmentPlan": "modify assessment plans in your account", + "read:assessmentPlan": "read your assessment plans", + "write:assessmentResults": "modify assessment results in your account", + "read:assessmentResults": "read your assessment results", + "write:implementedRequirement": "modify implemented requirements in your account", + "read:implementedRequirement": "read your implemented requirements", + "write:metadata": "modify metadata in your account", + "read:metadata": "read your metadata", + "write:backmatter": "modify back-matter in your account", + "read:backmatter": "read your back-matter", + "write:systemCharacteristics": "modify system characteristics in your account", + "read:systemCharacteristics": "read your system characteristics", + "write:systemImplementation": "modify system Implementation in your account", + "read:systemImplementation": "read your system Implementation", + "write:controlImplementation": "modify control Implementation in your account", + "read:controlImplementation": "read your control Implementation", + "write:importProfile": "modify import-profiles in your account", + "read:importProfile": "read your import-profiles" + } + } + } + } 
+ }
+ }
+}
\ No newline at end of file
diff --git a/OSCALRestOpenAPI.yaml b/OSCALRestOpenAPI.yaml
deleted file mode 100644
index 6c47510..0000000
--- a/OSCALRestOpenAPI.yaml
+++ /dev/null
@@ -1,9189 +0,0 @@ ---- -openapi: 3.1.0 -info: - title: OSCAL REST - description: | - A draft proposal from [Easy Dynamics](https://www.easydynamics.com) of a REST API specification for exchanging - [OSCAL](https://pages.nist.gov/OSCAL/) content between tool instances and organizations. - - Standardized data models like OSCAL lay the groundwork for interoperability of systems, and an ecosystem of - meaningful integrations can be brought to life through a standardized REST API. Such an API will likely see the most - success across various vendors and projects when maintained by a standards body or community, and we're looking - to get that conversation started with this effort. - - For an overview and more information, visit [https://docs.oscal.io/docs/oscal-rest-openapi](https://docs.oscal.io/docs/oscal-rest-openapi) - - contact: - email: oscal@oscal.io - version: 0.4.1 -externalDocs: - description: Find out more about OSCAL - url: https://pages.nist.gov/OSCAL -servers: - - url: http://localhost:8080/oscal/v1 -tags: - - name: OSCAL Catalog - externalDocs: - description: Find out more - url: https://pages.nist.gov/OSCAL/concepts/layer/control/catalog/ - - name: OSCAL Profile - externalDocs: - description: Find out more - url: https://pages.nist.gov/OSCAL/concepts/layer/control/profile/ - - name: OSCAL System Security Plan - externalDocs: - description: Find out more - url: https://pages.nist.gov/OSCAL/concepts/layer/implementation/ssp/ - - name: OSCAL Component Definition - externalDocs: - description: Find out more - url: https://pages.nist.gov/OSCAL/concepts/layer/implementation/component-definition/ - - name: OSCAL Plan of Action and Milestones - externalDocs: - description: Find out more - url: https://pages.nist.gov/OSCAL/concepts/layer/assessment/poam/ - - name: OSCAL Assessment Plan - externalDocs: - description: Find out more - url: https://pages.nist.gov/OSCAL/concepts/layer/assessment/assessment-plan/ - - name: OSCAL Assessment Results - externalDocs: - 
description: Find out more - url: https://pages.nist.gov/OSCAL/concepts/layer/assessment/assessment-results/ -paths: - /assessment-plan: - get: - tags: - - OSCAL Assessment Plan - summary: Returns a list of every relevant assessment plan. - description: Returns a list of every relevant assessment plan. - operationId: getAssessmentPlan - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlansEntries" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - post: - tags: - - OSCAL Assessment Plan - summary: Adds a new assessment plan. - description: | - Adds a new assessment plan. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. 
- operationId: postAssessmentPlan - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlanEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - /assessment-plan/{assessmentPlanID}: - get: - tags: - - OSCAL Assessment Plan - summary: Returns the assessment plan represented by the assessment plan ID. - description: | - Returns the assessment plan represented by the assessment plan ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. 
- - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getAssessmentPlanById - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlan" - application/xml: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlanXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlan" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - put: - tags: - - OSCAL Assessment Plan - summary: Replaces the assessment plan represented by the assessment plan ID. - description: | - Replaces the assessment plan represented by the assessment plan ID. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. 
The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. - operationId: putAssessmentPlan - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - delete: - tags: - - OSCAL Assessment Plan - summary: Deletes the assessment plan represented by the assessment plan ID. - description: Deletes the assessment plan represented by the assessment plan ID. 
- operationId: deleteAssessmentPlan - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - /assessment-plan/{assessmentPlanID}/attachment: - get: - tags: - - OSCAL Assessment Plan - summary: Returns a list of every relevant attachment. - description: Returns a list of every relevant attachment. 
- operationId: getAssessmentPlanAttachment - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachments" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - post: - tags: - - OSCAL Assessment Plan - summary: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. - description: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. 
- operationId: postAssessmentPlanAttachment - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachmentEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - /assessment-plan/{assessmentPlanID}/attachment/{resourceUUID}: - get: - tags: - - OSCAL Assessment Plan - summary: Returns the attachment represented by the back-matter resource UUID. - description: Returns the attachment represented by the back-matter resource UUID. 
- operationId: getAssessmentPlanAttachmentByUuid - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: A binary file in any type - content: - multipart/form-data: - schema: - type: object - properties: - file: - type: object - properties: - resource-uuid: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - name: - type: string - media-type: - type: string - attachment-binary: - type: string - format: binary - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - put: - tags: - - OSCAL Assessment Plan - summary: Replaces the attachment represented by the resource UUID. - description: Replaces the attachment represented by the resource UUID. 
- operationId: putAssessmentPlanAttachment - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - delete: - tags: - - OSCAL Assessment Plan - summary: Deletes the attachment and the associated back-matter resource represented by the resource UUID. - description: Deletes the attachment and the associated back-matter resource represented by the resource UUID. 
- operationId: deleteAssessmentPlanAttachment - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - /assessment-plan/{assessmentPlanID}/attachment/{resourceUUID}/resource: - get: - tags: - - OSCAL Assessment Plan - summary: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: getAssessmentPlanAttachmentResourceBy - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALResource" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - put: - tags: - - OSCAL Assessment Plan - summary: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: putAssessmentPlanAttachmentResource - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - /assessment-plan/{assessmentPlanID}/snapshot: - get: - tags: - - OSCAL Assessment Plan - summary: Returns a list of every relevant snapshot. - description: Returns a list of every relevant snapshot. 
- operationId: getAssessmentPlanSnapshot - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlansSnapshots" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - post: - tags: - - OSCAL Assessment Plan - summary: Creates a snapshot of the file in its current state. - description: | - Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows: - - - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]: - - `"name" : "snapshot-created"` - - `"value" : "2024-03-24T16:10:42.251Z"` (date-time-with-timezone) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client: - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (`value` is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- - operationId: postAssessmentPlanSnapshot - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlansSnapshots" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - /assessment-plan/{assessmentPlanID}/snapshot/{snapshotID}: - get: - tags: - - OSCAL Assessment Plan - summary: Returns the snapshot represented by the snapshot ID. - description: | - Returns the snapshot represented by the snapshot ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getAssessmentPlanSnapshotById - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlan" - application/xml: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlanXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALAssessmentPlan" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - put: - tags: - - OSCAL Assessment Plan - summary: 
Modifies the snapshot description, types and labels. - description: | - Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method. - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (Value is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- operationId: putAssessmentPlanSnapshot - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - delete: - tags: - - OSCAL Assessment Plan - summary: Deletes the snapshot represented by the snapshot ID. - description: Deletes the snapshot represented by the snapshot ID. 
- operationId: deleteAssessmentPlanSnapshot - parameters: - - name: assessmentPlanID - in: path - description: ID of AssessmentPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentPlan - - write:assessmentPlan - /profile: - get: - tags: - - OSCAL Profile - summary: Returns a list of every relevant profile. - description: Returns a list of every relevant profile. 
- operationId: getProfile - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALProfilesEntries" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - post: - tags: - - OSCAL Profile - summary: Adds a new profile. - description: | - Adds a new profile. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. 
- operationId: postProfile - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALProfileEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - /profile/{profileID}: - get: - tags: - - OSCAL Profile - summary: Returns the profile represented by the profile ID. - description: | - Returns the profile represented by the profile ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. 
- - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getProfileById - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALProfile" - application/xml: - schema: - $ref: "#/components/schemas/OSCALProfileXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALProfile" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - put: - tags: - - OSCAL Profile - summary: Replaces the profile represented by the profile ID. - description: | - Replaces the profile represented by the profile ID. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. - operationId: putProfile - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - delete: - tags: - - OSCAL Profile - summary: Deletes the profile represented by the profile ID. - description: Deletes the profile represented by the profile ID. 
- operationId: deleteProfile - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - /profile/{profileID}/resolved-catalog: - get: - tags: - - OSCAL Profile - summary: Resolves the identified profile based on currently available sources and returns a resolved profile catalog. - description: | - Resolves the identified profile based on currently available sources and returns a resolved profile catalog. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. 
- operationId: getProfileResolvedCatalogBy - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALCatalog" - application/xml: - schema: - $ref: "#/components/schemas/OSCALCatalogXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALCatalog" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - /profile/{profileID}/attachment: - get: - tags: - - OSCAL Profile - summary: Returns a list of every relevant attachment. - description: Returns a list of every relevant attachment. 
- operationId: getProfileAttachment - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachments" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - post: - tags: - - OSCAL Profile - summary: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. - description: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. 
- operationId: postProfileAttachment - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachmentEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - /profile/{profileID}/attachment/{resourceUUID}: - get: - tags: - - OSCAL Profile - summary: Returns the attachment represented by the back-matter resource UUID. - description: Returns the attachment represented by the back-matter resource UUID. 
- operationId: getProfileAttachmentByUuid - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: A binary file in any type - content: - multipart/form-data: - schema: - type: object - properties: - file: - type: object - properties: - resource-uuid: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - name: - type: string - media-type: - type: string - attachment-binary: - type: string - format: binary - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - put: - tags: - - OSCAL Profile - summary: Replaces the attachment represented by the resource UUID. - description: Replaces the attachment represented by the resource UUID. 
- operationId: putProfileAttachment - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - delete: - tags: - - OSCAL Profile - summary: Deletes the attachment and the associated back-matter resource represented by the resource UUID. - description: Deletes the attachment and the associated back-matter resource represented by the resource UUID. 
- operationId: deleteProfileAttachment - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - /profile/{profileID}/attachment/{resourceUUID}/resource: - get: - tags: - - OSCAL Profile - summary: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: getProfileAttachmentResourceBy - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALResource" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - put: - tags: - - OSCAL Profile - summary: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: putProfileAttachmentResource - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - /profile/{profileID}/snapshot: - get: - tags: - - OSCAL Profile - summary: Returns a list of every relevant snapshot. - description: Returns a list of every relevant snapshot. 
- operationId: getProfileSnapshot - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALProfilesSnapshots" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - post: - tags: - - OSCAL Profile - summary: Creates a snapshot of the file in its current state. - description: | - Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows: - - - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]: - - `"name" : "snapshot-created"` - - `"value" : "2024-03-24T16:10:42.251Z"` (date-time-with-timezone) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client: - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (`value` is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- - operationId: postProfileSnapshot - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALProfilesSnapshots" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - /profile/{profileID}/snapshot/{snapshotID}: - get: - tags: - - OSCAL Profile - summary: Returns the snapshot represented by the snapshot ID. - description: | - Returns the snapshot represented by the snapshot ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getProfileSnapshotById - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALProfile" - application/xml: - schema: - $ref: "#/components/schemas/OSCALProfileXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALProfile" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - put: - tags: - - OSCAL Profile - summary: Modifies the snapshot description, types and labels. 
- description: | - Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method. - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (Value is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- operationId: putProfileSnapshot - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - delete: - tags: - - OSCAL Profile - summary: Deletes the snapshot represented by the snapshot ID. - description: Deletes the snapshot represented by the snapshot ID. 
- operationId: deleteProfileSnapshot - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - /profile/{profileID}/resolved-snapshot: - get: - tags: - - OSCAL Profile - summary: Returns a list of every relevant resolved profile catalog. - description: Returns a list of every relevant resolved profile catalog. 
- operationId: getProfileResolvedSnapshot - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALResolvedSnapshotsSnapshots" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - post: - tags: - - OSCAL Profile - summary: Resolves the profile and saves the result. - description: | - Processes the profile and creates a snapshot as a resolved profile catalog. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property and a `snapshot-type` set to `resolved-profile` in the OSCAL document's `metadata` as follows: - - - **Resolved Snapshot Created** Property [**Exactly 1 (REQUIRED)**]: - - `"name" : "snapshot-created"` - - `"value" : "2024-03-24T16:10:42.251Z"` (date-time-with-timezone) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Resolved Snapshot Type** Property [**1 or more**]: - - `"name" : "snapshot-type"` - - `"value" : "resolved-profile"` - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - The implementation implementation _may_ set a `snapshot-description` property, as well as `snapshot-label` and additional `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client: - - - **Resolved Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (`value` is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional resolved snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Resolved Snapshot Type** Property [**1 or more**]: - - `"name" : "snapshot-type"` - - `"value" : "resolved-profile"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- - operationId: postProfileResolvedSnapshot - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALResolvedSnapshotsSnapshots" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - /profile/{profileID}/resolved-snapshot/{resolvedSnapshotID}: - get: - tags: - - OSCAL Profile - summary: Returns the resolved profile catalog represented by the resolved profile catalog ID. - description: | - Returns the resolved profile catalog represented by the resolved profile catalog ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getProfileResolvedSnapshotById - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resolvedSnapshotID - in: path - description: ID of ResolvedSnapshot - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALProfile" - application/xml: - schema: - $ref: "#/components/schemas/OSCALProfileXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALProfile" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - put: - tags: - - OSCAL Profile - summary: Modifies the snapshot 
description, types and label. - description: | - Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method. - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (Value is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- operationId: putProfileResolvedSnapshot - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resolvedSnapshotID - in: path - description: ID of ResolvedSnapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - delete: - tags: - - OSCAL Profile - summary: Deletes the resolved snapshot represented by the resolved snapshot ID. - description: Deletes the resolved snapshot represented by the resolved snapshot ID. 
- operationId: deleteProfileResolvedSnapshot - parameters: - - name: profileID - in: path - description: ID of Profile - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resolvedSnapshotID - in: path - description: ID of ResolvedSnapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:profile - - write:profile - /assessment-results: - get: - tags: - - OSCAL Assessment Results - summary: Returns a list of every relevant assessment results. - description: Returns a list of every relevant assessment results. 
- operationId: getAssessmentResults - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentResultsListEntries" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - post: - tags: - - OSCAL Assessment Results - summary: Adds a new assessment results. - description: | - Adds a new assessment results. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. 
- operationId: postAssessmentResults - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentResultsEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - - write:assessmentResults - /assessment-results/{assessmentResultsID}: - get: - tags: - - OSCAL Assessment Results - summary: Returns the assessment results represented by the assessment results ID. - description: | - Returns the assessment results represented by the assessment results ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getAssessmentResultsById - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentResults" - application/xml: - schema: - $ref: "#/components/schemas/OSCALAssessmentResultsXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALAssessmentResults" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - put: - tags: - - OSCAL Assessment Results - summary: Replaces the assessment results represented by the assessment results ID. 
- description: | - Replaces the assessment results represented by the assessment results ID. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. - operationId: putAssessmentResults - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - - write:assessmentResults - delete: - tags: - - OSCAL Assessment Results - summary: 
Deletes the assessment results represented by the assessment results ID. - description: Deletes the assessment results represented by the assessment results ID. - operationId: deleteAssessmentResults - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - - write:assessmentResults - /assessment-results/{assessmentResultsID}/attachment: - get: - tags: - - OSCAL Assessment Results - summary: Returns a list of every relevant attachment. - description: Returns a list of every relevant attachment. 
- operationId: getAssessmentResultsAttachment - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachments" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - post: - tags: - - OSCAL Assessment Results - summary: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. - description: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. 
- operationId: postAssessmentResultsAttachment - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachmentEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - - write:assessmentResults - /assessment-results/{assessmentResultsID}/attachment/{resourceUUID}: - get: - tags: - - OSCAL Assessment Results - summary: Returns the attachment represented by the back-matter resource UUID. - description: Returns the attachment represented by the back-matter resource UUID. 
- operationId: getAssessmentResultsAttachmentByUuid - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: A binary file in any type - content: - multipart/form-data: - schema: - type: object - properties: - file: - type: object - properties: - resource-uuid: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - name: - type: string - media-type: - type: string - attachment-binary: - type: string - format: binary - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - put: - tags: - - OSCAL Assessment Results - summary: Replaces the attachment represented by the resource UUID. - description: Replaces the attachment represented by the resource UUID. 
- operationId: putAssessmentResultsAttachment - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - - write:assessmentResults - delete: - tags: - - OSCAL Assessment Results - summary: Deletes the attachment and the associated back-matter resource represented by the resource UUID. - description: Deletes the attachment and the associated back-matter resource represented by the resource UUID. 
- operationId: deleteAssessmentResultsAttachment
- parameters:
- - name: assessmentResultsID
- in: path
- description: ID of AssessmentResults
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- - name: resourceUUID
- in: path
- description: UUID of Back Matter Resource
- required: true
- schema:
- type: string
- responses:
- 204:
- description: Successful operation
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 409:
- description: Conflit
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:assessmentResults
- - write:assessmentResults
- /assessment-results/{assessmentResultsID}/attachment/{resourceUUID}/resource:
- get:
- tags:
- - OSCAL Assessment Results
- summary: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies.
- description: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies.
- operationId: getAssessmentResultsAttachmentResourceBy
- parameters:
- - name: assessmentResultsID
- in: path
- description: ID of AssessmentResults
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- - name: resourceUUID
- in: path
- description: UUID of Back Matter Resource
- required: true
- schema:
- type: string
- responses:
- 200:
- description: Successful operation
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALResource"
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 422:
- description: Unprocessable Content
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:assessmentResults
- put:
- tags:
- - OSCAL Assessment Results
- summary: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies.
- description: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies.
- operationId: putAssessmentResultsAttachmentResource
- parameters:
- - name: assessmentResultsID
- in: path
- description: ID of AssessmentResults
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- - name: resourceUUID
- in: path
- description: UUID of Back Matter Resource
- required: true
- schema:
- type: string
- responses:
- 204:
- description: Successful operation
- 400:
- description: Bad Request
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 409:
- description: Conflit
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 415:
- description: Unsupported Media Type
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 422:
- description: Unprocessable Content
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:assessmentResults
- - write:assessmentResults
- /assessment-results/{assessmentResultsID}/snapshot:
- get:
- tags:
- - OSCAL Assessment Results
- summary: Returns a list of every relevant snapshot.
- description: Returns a list of every relevant snapshot.
- operationId: getAssessmentResultsSnapshot - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentResultsListSnapshots" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - post: - tags: - - OSCAL Assessment Results - summary: Creates a snapshot of the file in its current state. - description: | - Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows: - - - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]: - - `"name" : "snapshot-created"` - - `"value" : "2024-03-24T16:10:42.251Z"` (date-time-with-timezone) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client: - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (`value` is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- - operationId: postAssessmentResultsSnapshot - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentResultsListSnapshots" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - - write:assessmentResults - /assessment-results/{assessmentResultsID}/snapshot/{snapshotID}: - get: - tags: - - OSCAL Assessment Results - summary: Returns the snapshot represented by the snapshot ID. - description: | - Returns the snapshot represented by the snapshot ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getAssessmentResultsSnapshotById - parameters: - - name: assessmentResultsID - in: path - description: ID of AssessmentResults - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAssessmentResults" - application/xml: - schema: - $ref: "#/components/schemas/OSCALAssessmentResultsXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALAssessmentResults" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:assessmentResults - put: - tags: - - OSCAL 
Assessment Results - summary: Modifies the snapshot description, types and labels. - description: | - Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method. - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (Value is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- operationId: putAssessmentResultsSnapshot
- parameters:
- - name: assessmentResultsID
- in: path
- description: ID of AssessmentResults
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- - name: snapshotID
- in: path
- description: ID of Snapshot
- required: true
- schema:
- type: string
- responses:
- 204:
- description: Successful operation
- 400:
- description: Bad Request
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 409:
- description: Conflit
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 415:
- description: Unsupported Media Type
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 422:
- description: Unprocessable Content
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:assessmentResults
- - write:assessmentResults
- delete:
- tags:
- - OSCAL Assessment Results
- summary: Deletes the snapshot represented by the snapshot ID.
- description: Deletes the snapshot represented by the snapshot ID.
- operationId: deleteAssessmentResultsSnapshot
- parameters:
- - name: assessmentResultsID
- in: path
- description: ID of AssessmentResults
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- - name: snapshotID
- in: path
- description: ID of Snapshot
- required: true
- schema:
- type: string
- responses:
- 204:
- description: Successful operation
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 409:
- description: Conflit
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:assessmentResults
- - write:assessmentResults
- /catalog:
- get:
- tags:
- - OSCAL Catalog
- summary: Returns a list of every relevant catalog.
- description: Returns a list of every relevant catalog.
- operationId: getCatalog - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALCatalogsEntries" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - post: - tags: - - OSCAL Catalog - summary: Adds a new catalog. - description: | - Adds a new catalog. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. 
- operationId: postCatalog - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALCatalogEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - - write:catalog - /catalog/{catalogID}: - get: - tags: - - OSCAL Catalog - summary: Returns the catalog represented by the catalog ID. - description: | - Returns the catalog represented by the catalog ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. 
- - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getCatalogById - parameters: - - name: catalogID - in: path - description: ID of Catalog - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALCatalog" - application/xml: - schema: - $ref: "#/components/schemas/OSCALCatalogXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALCatalog" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - put: - tags: - - OSCAL Catalog - summary: Replaces the catalog represented by the catalog ID. - description: | - Replaces the catalog represented by the catalog ID. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. - operationId: putCatalog - parameters: - - name: catalogID - in: path - description: ID of Catalog - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - - write:catalog - delete: - tags: - - OSCAL Catalog - summary: Deletes the catalog represented by the catalog ID. - description: Deletes the catalog represented by the catalog ID. 
- operationId: deleteCatalog
- parameters:
- - name: catalogID
- in: path
- description: ID of Catalog
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- responses:
- 204:
- description: Successful operation
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 409:
- description: Conflit
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:catalog
- - write:catalog
- /catalog/{catalogID}/attachment:
- get:
- tags:
- - OSCAL Catalog
- summary: Returns a list of every relevant attachment.
- description: Returns a list of every relevant attachment.
- operationId: getCatalogAttachment
- parameters:
- - name: catalogID
- in: path
- description: ID of Catalog
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- responses:
- 200:
- description: Successful operation
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALAttachments"
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 422:
- description: Unprocessable Content
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:catalog
- post:
- tags:
- - OSCAL Catalog
- summary: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.
- description: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.
- operationId: postCatalogAttachment
- parameters:
- - name: catalogID
- in: path
- description: ID of Catalog
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- responses:
- 201:
- description: Successful operation
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALAttachmentEntry"
- 400:
- description: Bad Request
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 409:
- description: Conflit
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 415:
- description: Unsupported Media Type
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 422:
- description: Unprocessable Content
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:catalog
- - write:catalog
- /catalog/{catalogID}/attachment/{resourceUUID}:
- get:
- tags:
- - OSCAL Catalog
- summary: Returns the attachment represented by the back-matter resource UUID.
- description: Returns the attachment represented by the back-matter resource UUID.
- operationId: getCatalogAttachmentByUuid
- parameters:
- - name: catalogID
- in: path
- description: ID of Catalog
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- - name: resourceUUID
- in: path
- description: UUID of Back Matter Resource
- required: true
- schema:
- type: string
- responses:
- 200:
- description: A binary file in any type
- content:
- multipart/form-data:
- schema:
- type: object
- properties:
- file:
- type: object
- properties:
- resource-uuid:
- type: string
- pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"
- name:
- type: string
- media-type:
- type: string
- attachment-binary:
- type: string
- format: binary
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 422:
- description: Unprocessable Content
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:catalog
- put:
- tags:
- - OSCAL Catalog
- summary: Replaces the attachment represented by the resource UUID.
- description: Replaces the attachment represented by the resource UUID.
- operationId: putCatalogAttachment
- parameters:
- - name: catalogID
- in: path
- description: ID of Catalog
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- - name: resourceUUID
- in: path
- description: UUID of Back Matter Resource
- required: true
- schema:
- type: string
- responses:
- 204:
- description: Successful operation
- 400:
- description: Bad Request
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 409:
- description: Conflit
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 415:
- description: Unsupported Media Type
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 422:
- description: Unprocessable Content
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:catalog
- - write:catalog
- delete:
- tags:
- - OSCAL Catalog
- summary: Deletes the attachment and the associated back-matter resource represented by the resource UUID.
- description: Deletes the attachment and the associated back-matter resource represented by the resource UUID.
- operationId: deleteCatalogAttachment
- parameters:
- - name: catalogID
- in: path
- description: ID of Catalog
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- - name: resourceUUID
- in: path
- description: UUID of Back Matter Resource
- required: true
- schema:
- type: string
- responses:
- 204:
- description: Successful operation
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 409:
- description: Conflit
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:catalog
- - write:catalog
- /catalog/{catalogID}/attachment/{resourceUUID}/resource:
- get:
- tags:
- - OSCAL Catalog
- summary: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies.
- description: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies.
- operationId: getCatalogAttachmentResourceBy
- parameters:
- - name: catalogID
- in: path
- description: ID of Catalog
- required: true
- schema:
- $ref: "#/components/schemas/DocId"
- - name: resourceUUID
- in: path
- description: UUID of Back Matter Resource
- required: true
- schema:
- type: string
- responses:
- 200:
- description: Successful operation
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALResource"
- 401:
- description: Unauthorized
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 410:
- description: Gone
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- 422:
- description: Unprocessable Content
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/OSCALErrorMessage"
- security:
- - oscal_auth:
- - read:catalog
- put:
- tags:
- - OSCAL Catalog
- summary: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies.
- description: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies.
- operationId: putCatalogAttachmentResource - parameters: - - name: catalogID - in: path - description: ID of Catalog - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - - write:catalog - /catalog/{catalogID}/snapshot: - get: - tags: - - OSCAL Catalog - summary: Returns a list of every relevant snapshot. - description: Returns a list of every relevant snapshot. 
- operationId: getCatalogSnapshot - parameters: - - name: catalogID - in: path - description: ID of Catalog - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALCatalogsSnapshots" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - post: - tags: - - OSCAL Catalog - summary: Creates a snapshot of the file in its current state. - description: | - Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows: - - - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]: - - `"name" : "snapshot-created"` - - `"value" : "2024-03-24T16:10:42.251Z"` (date-time-with-timezone) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client: - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (`value` is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- - operationId: postCatalogSnapshot - parameters: - - name: catalogID - in: path - description: ID of Catalog - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALCatalogsSnapshots" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - - write:catalog - /catalog/{catalogID}/snapshot/{snapshotID}: - get: - tags: - - OSCAL Catalog - summary: Returns the snapshot represented by the snapshot ID. - description: | - Returns the snapshot represented by the snapshot ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getCatalogSnapshotById - parameters: - - name: catalogID - in: path - description: ID of Catalog - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALCatalog" - application/xml: - schema: - $ref: "#/components/schemas/OSCALCatalogXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALCatalog" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - put: - tags: - - OSCAL Catalog - summary: Modifies the snapshot description, types and labels. 
- description: | - Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method. - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (Value is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- operationId: putCatalogSnapshot - parameters: - - name: catalogID - in: path - description: ID of Catalog - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - - write:catalog - delete: - tags: - - OSCAL Catalog - summary: Deletes the snapshot represented by the snapshot ID. - description: Deletes the snapshot represented by the snapshot ID. 
- operationId: deleteCatalogSnapshot - parameters: - - name: catalogID - in: path - description: ID of Catalog - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:catalog - - write:catalog - /system-security-plan: - get: - tags: - - OSCAL System Security Plan - summary: Returns a list of every relevant system security plan. - description: Returns a list of every relevant system security plan. 
- operationId: getSystemSecurityPlan - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlansEntries" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:systemSecurityPlan - post: - tags: - - OSCAL System Security Plan - summary: Adds a new system security plan. - description: | - Adds a new system security plan. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. 
- operationId: postSystemSecurityPlan - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlanEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:systemSecurityPlan - - write:systemSecurityPlan - /system-security-plan/{systemSecurityPlanID}: - get: - tags: - - OSCAL System Security Plan - summary: Returns the system security plan represented by the system security plan ID. - description: | - Returns the system security plan represented by the system security plan ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getSystemSecurityPlanById - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlan" - application/xml: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlanXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlan" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:systemSecurityPlan - put: - tags: - - OSCAL System Security Plan - summary: Replaces the system security plan represented by the system security plan ID. 
- description: | - Replaces the system security plan represented by the system security plan ID. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. - operationId: putSystemSecurityPlan - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:systemSecurityPlan - - write:systemSecurityPlan - delete: - tags: - - OSCAL System Security Plan - 
summary: Deletes the system security plan represented by the system security plan ID. - description: Deletes the system security plan represented by the system security plan ID. - operationId: deleteSystemSecurityPlan - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:systemSecurityPlan - - write:systemSecurityPlan - /system-security-plan/{systemSecurityPlanID}/attachment: - get: - tags: - - OSCAL System Security Plan - summary: Returns a list of every relevant attachment. - description: Returns a list of every relevant attachment. 
- operationId: getSystemSecurityPlanAttachment - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachments" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:attachment - post: - tags: - - OSCAL System Security Plan - summary: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. - description: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. 
- operationId: postSystemSecurityPlanAttachment - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachmentEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:attachment - - write:attachment - /system-security-plan/{systemSecurityPlanID}/attachment/{resourceUUID}: - get: - tags: - - OSCAL System Security Plan - summary: Returns the attachment represented by the back-matter resource UUID. - description: Returns the attachment represented by the back-matter resource UUID. 
- operationId: getSystemSecurityPlanAttachmentByUuid - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: A binary file in any type - content: - multipart/form-data: - schema: - type: object - properties: - file: - type: object - properties: - resource-uuid: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - name: - type: string - media-type: - type: string - attachment-binary: - type: string - format: binary - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:attachment - put: - tags: - - OSCAL System Security Plan - summary: Replaces the attachment represented by the resource UUID. - description: Replaces the attachment represented by the resource UUID. 
- operationId: putSystemSecurityPlanAttachment - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:attachment - - write:attachment - delete: - tags: - - OSCAL System Security Plan - summary: Deletes the attachment and the associated back-matter resource represented by the resource UUID. - description: Deletes the attachment and the associated back-matter resource represented by the resource UUID. 
- operationId: deleteSystemSecurityPlanAttachment - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:attachment - - write:attachment - /system-security-plan/{systemSecurityPlanID}/attachment/{resourceUUID}/resource: - get: - tags: - - OSCAL System Security Plan - summary: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: getSystemSecurityPlanAttachmentResourceBy - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALResource" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:attachment - put: - tags: - - OSCAL System Security Plan - summary: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: putSystemSecurityPlanAttachmentResource - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:attachment - - write:attachment - /system-security-plan/{systemSecurityPlanID}/snapshot: - get: - tags: - - OSCAL System Security Plan - summary: Returns a list of every relevant snapshot. - description: Returns a list of every relevant snapshot. 
- operationId: getSystemSecurityPlanSnapshot - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlansSnapshots" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:snapshot - post: - tags: - - OSCAL System Security Plan - summary: Creates a snapshot of the file in its current state. - description: | - Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows: - - - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]: - - `"name" : "snapshot-created"` - - `"value" : "2024-03-24T16:10:42.251Z"` (date-time-with-timezone) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client: - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (`value` is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- - operationId: postSystemSecurityPlanSnapshot - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlansSnapshots" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:snapshot - - write:snapshot - /system-security-plan/{systemSecurityPlanID}/snapshot/{snapshotID}: - get: - tags: - - OSCAL System Security Plan - summary: Returns the snapshot represented by the snapshot ID. - description: | - Returns the snapshot represented by the snapshot ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getSystemSecurityPlanSnapshotById - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlan" - application/xml: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlanXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALSystemSecurityPlan" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:snapshot - put: - tags: - - OSCAL System 
Security Plan - summary: Modifies the snapshot description, types and labels. - description: | - Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method. - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (Value is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- operationId: putSystemSecurityPlanSnapshot - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:snapshot - - write:snapshot - delete: - tags: - - OSCAL System Security Plan - summary: Deletes the snapshot represented by the snapshot ID. - description: Deletes the snapshot represented by the snapshot ID. 
- operationId: deleteSystemSecurityPlanSnapshot - parameters: - - name: systemSecurityPlanID - in: path - description: ID of SystemSecurityPlan - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:snapshot - - write:snapshot - /plan-of-action-and-milestones: - get: - tags: - - OSCAL Plan of Action and Milestones - summary: Returns a list of every relevant plan of action and milestones. - description: Returns a list of every relevant plan of action and milestones. 
- operationId: getPlanOfActionAndMilestones - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestonesListEntries" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - post: - tags: - - OSCAL Plan of Action and Milestones - summary: Adds a new plan of action and milestones. - description: | - Adds a new plan of action and milestones. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. 
- operationId: postPlanOfActionAndMilestones - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestonesEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - /plan-of-action-and-milestones/{planOfActionAndMilestonesID}: - get: - tags: - - OSCAL Plan of Action and Milestones - summary: Returns the plan of action and milestones represented by the plan of action and milestones ID. - description: | - Returns the plan of action and milestones represented by the plan of action and milestones ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getPlanOfActionAndMilestonesById - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestones" - application/xml: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestonesXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestones" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - put: - tags: - - OSCAL Plan of Action and Milestones - summary: Replaces the plan of 
action and milestones represented by the plan of action and milestones ID. - description: | - Replaces the plan of action and milestones represented by the plan of action and milestones ID. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. - operationId: putPlanOfActionAndMilestones - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - 
oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - delete: - tags: - - OSCAL Plan of Action and Milestones - summary: Deletes the plan of action and milestones represented by the plan of action and milestones ID. - description: Deletes the plan of action and milestones represented by the plan of action and milestones ID. - operationId: deletePlanOfActionAndMilestones - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - /plan-of-action-and-milestones/{planOfActionAndMilestonesID}/attachment: - get: - tags: - - OSCAL Plan of Action and Milestones - summary: Returns a list of every relevant attachment. - description: Returns a list of every relevant attachment. 
- operationId: getPlanOfActionAndMilestonesAttachment - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachments" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - post: - tags: - - OSCAL Plan of Action and Milestones - summary: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. - description: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. 
- operationId: postPlanOfActionAndMilestonesAttachment - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachmentEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - /plan-of-action-and-milestones/{planOfActionAndMilestonesID}/attachment/{resourceUUID}: - get: - tags: - - OSCAL Plan of Action and Milestones - summary: Returns the attachment represented by the back-matter resource UUID. - description: Returns the attachment represented by the back-matter resource UUID. 
- operationId: getPlanOfActionAndMilestonesAttachmentByUuid - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: A binary file in any type - content: - multipart/form-data: - schema: - type: object - properties: - file: - type: object - properties: - resource-uuid: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - name: - type: string - media-type: - type: string - attachment-binary: - type: string - format: binary - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - put: - tags: - - OSCAL Plan of Action and Milestones - summary: Replaces the attachment represented by the resource UUID. - description: Replaces the attachment represented by the resource UUID. 
- operationId: putPlanOfActionAndMilestonesAttachment - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - delete: - tags: - - OSCAL Plan of Action and Milestones - summary: Deletes the attachment and the associated back-matter resource represented by the resource UUID. - description: Deletes the attachment and the associated back-matter resource represented by the resource UUID. 
- operationId: deletePlanOfActionAndMilestonesAttachment - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - /plan-of-action-and-milestones/{planOfActionAndMilestonesID}/attachment/{resourceUUID}/resource: - get: - tags: - - OSCAL Plan of Action and Milestones - summary: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: getPlanOfActionAndMilestonesAttachmentResourceBy - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALResource" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - put: - tags: - - OSCAL Plan of Action and Milestones - summary: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: putPlanOfActionAndMilestonesAttachmentResource - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - /plan-of-action-and-milestones/{planOfActionAndMilestonesID}/snapshot: - get: - tags: - - OSCAL Plan of Action and Milestones - summary: Returns a list of every relevant snapshot. - description: Returns a list of every relevant snapshot. 
- operationId: getPlanOfActionAndMilestonesSnapshot - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestonesListSnapshots" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - post: - tags: - - OSCAL Plan of Action and Milestones - summary: Creates a snapshot of the file in its current state. - description: | - Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows: - - - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]: - - `"name" : "snapshot-created"` - - `"value" : "2024-03-24T16:10:42.251Z"` (date-time-with-timezone) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client: - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (`value` is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- - operationId: postPlanOfActionAndMilestonesSnapshot - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestonesListSnapshots" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - /plan-of-action-and-milestones/{planOfActionAndMilestonesID}/snapshot/{snapshotID}: - get: - tags: - - OSCAL Plan of Action and Milestones - summary: Returns the snapshot represented by the snapshot ID. - description: | - Returns the snapshot represented by the snapshot ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getPlanOfActionAndMilestonesSnapshotById - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestones" - application/xml: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestonesXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALPlanOfActionAndMilestones" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - 
read:planOfActionAndMilestones - put: - tags: - - OSCAL Plan of Action and Milestones - summary: Modifies the snapshot description, types and labels. - description: | - Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method. - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (Value is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- operationId: putPlanOfActionAndMilestonesSnapshot - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - delete: - tags: - - OSCAL Plan of Action and Milestones - summary: Deletes the snapshot represented by the snapshot ID. - description: Deletes the snapshot represented by the snapshot ID. 
- operationId: deletePlanOfActionAndMilestonesSnapshot - parameters: - - name: planOfActionAndMilestonesID - in: path - description: ID of PlanOfActionAndMilestones - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:planOfActionAndMilestones - - write:planOfActionAndMilestones - /component-definition: - get: - tags: - - OSCAL Component Definition - summary: Returns a list of every relevant component definition. - description: Returns a list of every relevant component definition. 
- operationId: getComponentDefinition - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALComponentDefinitionsEntries" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - post: - tags: - - OSCAL Component Definition - summary: Adds a new component definition. - description: | - Adds a new component definition. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. 
- operationId: postComponentDefinition - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALComponentDefinitionEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition - /component-definition/{componentDefinitionID}: - get: - tags: - - OSCAL Component Definition - summary: Returns the component definition represented by the component definition ID. - description: | - Returns the component definition represented by the component definition ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getComponentDefinitionById - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALComponentDefinition" - application/xml: - schema: - $ref: "#/components/schemas/OSCALComponentDefinitionXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALComponentDefinition" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - put: - tags: - - OSCAL Component Definition - summary: Replaces the component definition represented by the component 
definition ID. - description: | - Replaces the component definition represented by the component definition ID. The client must include the `Content-type` HTML header and set it to one of the following: - - `application/json` when sending an OSCAL file in JSON format; - - `application/xml` when sending an OSCAL file in XML format; or - - `application/yaml` when sending an OSCAL file in YAML format. The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations. - operationId: putComponentDefinition - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition - delete: - tags: - - OSCAL 
Component Definition - summary: Deletes the component definition represented by the component definition ID. - description: Deletes the component definition represented by the component definition ID. - operationId: deleteComponentDefinition - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition - /component-definition/{componentDefinitionID}/attachment: - get: - tags: - - OSCAL Component Definition - summary: Returns a list of every relevant attachment. - description: Returns a list of every relevant attachment. 
- operationId: getComponentDefinitionAttachment - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachments" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - post: - tags: - - OSCAL Component Definition - summary: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. - description: Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned. 
- operationId: postComponentDefinitionAttachment - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALAttachmentEntry" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition - /component-definition/{componentDefinitionID}/attachment/{resourceUUID}: - get: - tags: - - OSCAL Component Definition - summary: Returns the attachment represented by the back-matter resource UUID. - description: Returns the attachment represented by the back-matter resource UUID. 
- operationId: getComponentDefinitionAttachmentByUuid - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: A binary file in any type - content: - multipart/form-data: - schema: - type: object - properties: - file: - type: object - properties: - resource-uuid: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - name: - type: string - media-type: - type: string - attachment-binary: - type: string - format: binary - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - put: - tags: - - OSCAL Component Definition - summary: Replaces the attachment represented by the resource UUID. - description: Replaces the attachment represented by the resource UUID. 
- operationId: putComponentDefinitionAttachment - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition - delete: - tags: - - OSCAL Component Definition - summary: Deletes the attachment and the associated back-matter resource represented by the resource UUID. - description: Deletes the attachment and the associated back-matter resource represented by the resource UUID. 
- operationId: deleteComponentDefinitionAttachment - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition - /component-definition/{componentDefinitionID}/attachment/{resourceUUID}/resource: - get: - tags: - - OSCAL Component Definition - summary: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: getComponentDefinitionAttachmentResourceBy - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALResource" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - put: - tags: - - OSCAL Component Definition - summary: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. - description: Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL 1.1.2 syntax for back-matter resource assemblies. 
- operationId: putComponentDefinitionAttachmentResource - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: resourceUUID - in: path - description: UUID of Back Matter Resource - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition - /component-definition/{componentDefinitionID}/snapshot: - get: - tags: - - OSCAL Component Definition - summary: Returns a list of every relevant snapshot. - description: Returns a list of every relevant snapshot. 
- operationId: getComponentDefinitionSnapshot - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALComponentDefinitionsSnapshots" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - post: - tags: - - OSCAL Component Definition - summary: Creates a snapshot of the file in its current state. - description: | - Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows: - - - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]: - - `"name" : "snapshot-created"` - - `"value" : "2024-03-24T16:10:42.251Z"` (date-time-with-timezone) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client: - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (`value` is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- - operationId: postComponentDefinitionSnapshot - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - responses: - 201: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALComponentDefinitionsSnapshots" - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition - /component-definition/{componentDefinitionID}/snapshot/{snapshotID}: - get: - tags: - - OSCAL Component Definition - summary: Returns the snapshot represented by the snapshot ID. - description: | - Returns the snapshot represented by the snapshot ID. When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to: - - `application/json` or `application/oscal+json` return the OSCAL content in JSON format; - - `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or - - `application/yaml` or `text/yaml` return the OSCAL content in YAML format. - - When returning the OSCAL content, the implementation _must_ set the `Content-type` header to: - - `application/json` when returning the OSCAL content in JSON format; - - `application/xml` when returning the OSCAL content in XML format; or - - `application/yaml` when return the OSCAL content in YAML format. - operationId: getComponentDefinitionSnapshotById - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALComponentDefinition" - application/xml: - schema: - $ref: "#/components/schemas/OSCALComponentDefinitionXML" - application/yaml: - schema: - $ref: "#/components/schemas/OSCALComponentDefinition" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - put: - tags: - 
- OSCAL Component Definition - summary: Modifies the snapshot description, types and labels. - description: | - Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method. - - - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]: - - `"name" : "snapshot-description"` - - `"value" : "na"` (Value is required by OSCAL, but not needed for this property. It can include any string.) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - `"remarks" : "An optional snapshot description."` (markup-multiline) - - - **Snapshot Label** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-label"` - - `"value" : "v1.2.3"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - - **Snapshot Type** Property [**0 or more (OPTIONAL)**]: - - `"name" : "snapshot-type"` - - `"value" : "published"` (token) - - `"ns" : "http://oscal.io/ns/oscal/1.0.0"` - - All of the above properties are OSCAL extensions and must include the namespace (`ns`) information. 
- operationId: putComponentDefinitionSnapshot - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 400: - description: Bad Request - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 415: - description: Unsupported Media Type - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 422: - description: Unprocessable Content - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition - delete: - tags: - - OSCAL Component Definition - summary: Deletes the snapshot represented by the snapshot ID. - description: Deletes the snapshot represented by the snapshot ID. 
- operationId: deleteComponentDefinitionSnapshot - parameters: - - name: componentDefinitionID - in: path - description: ID of ComponentDefinition - required: true - schema: - $ref: "#/components/schemas/DocId" - - name: snapshotID - in: path - description: ID of Snapshot - required: true - schema: - type: string - responses: - 204: - description: Successful operation - 401: - description: Unauthorized - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 403: - description: Forbidden - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 404: - description: Not Found - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 409: - description: Conflit - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - 410: - description: Gone - content: - application/json: - schema: - $ref: "#/components/schemas/OSCALErrorMessage" - security: - - oscal_auth: - - read:componentDefinition - - write:componentDefinition -components: - schemas: - OSCALCatalog: - type: object - properties: - catalog: - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog - OSCALCatalogXML: - type: object - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog - xml: - name: catalog - OSCALProfile: - type: object - properties: - profile: - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_profile_schema.json#/definitions/assembly_oscal-profile_profile - OSCALProfileXML: - type: object - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_profile_schema.json#/definitions/assembly_oscal-profile_profile - xml: - name: profile - 
OSCALComponentDefinition: - type: object - properties: - component-definition: - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_component_schema.json#/definitions/assembly_oscal-component-definition_component-definition - OSCALComponentDefinitionXML: - type: object - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_component_schema.json#/definitions/assembly_oscal-component-definition_component-definition - xml: - name: component-definition - OSCALSystemSecurityPlan: - type: object - properties: - system-security-plan: - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_ssp_schema.json#/definitions/assembly_oscal-ssp_system-security-plan - OSCALSystemSecurityPlanXML: - type: object - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_ssp_schema.json#/definitions/assembly_oscal-ssp_system-security-plan - xml: - name: system-security-plan - OSCALPlanOfActionAndMilestones: - type: object - properties: - plan-of-action-and-milestones: - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_poam_schema.json#/definitions/assembly_oscal-poam_plan-of-action-and-milestones - OSCALPlanOfActionAndMilestonesXML: - type: object - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_poam_schema.json#/definitions/assembly_oscal-poam_plan-of-action-and-milestones - xml: - name: plan-of-action-and-milestones - OSCALAssessmentPlan: - type: object - properties: - assessment-plan: - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-plan_schema.json#/definitions/assembly_oscal-ap_assessment-plan - OSCALAssessmentPlanXML: - type: object - $ref: 
https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-plan_schema.json#/definitions/assembly_oscal-ap_assessment-plan - xml: - name: assessment-plan - OSCALErrorMessage: - type: object - properties: - message: - type: string - code: - type: string - OSCALAssessmentResults: - type: object - properties: - assessment-results: - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-results_schema.json#/definitions/assembly_oscal-ar_assessment-results - OSCALAssessmentResultsXML: - type: object - $ref: https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-results_schema.json#/definitions/assembly_oscal-ar_assessment-results - xml: - name: assessment-results - OSCALAttachmentEntry: - $ref: '#/components/schemas/OSCALResource' - OSCALAttachmentEntryXML: - $ref: '#/components/schemas/OSCALResourceXML' - OSCALAttachments: - type: object - properties: - attachment-list: - type: array - items: - $ref: '#/components/schemas/OSCALAttachmentNoBase64' - OSCALProfileEntry: - type: object - properties: - profile-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALProfileEntryXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - xml: - name: profile-list - OSCALCatalogEntry: - type: object - properties: - catalog-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALCatalogEntryXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - xml: - name: catalog-list - OSCALSystemSecurityPlanEntry: - type: object - properties: - system-security-plan-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALSystemSecurityPlanEntryXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - xml: - name: system-security-plan-list - OSCALComponentDefinitionEntry: - type: object - properties: - 
component-definition-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALComponentDefinitionEntryXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - xml: - name: component-definition-list - OSCALAssessmentPlanEntry: - type: object - properties: - assessment-plan-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALAssessmentPlanEntryXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - xml: - name: assessment-plan-list - OSCALAssessmentResultsEntry: - type: object - properties: - assessment-results-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALAssessmentResultsEntryXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - xml: - name: assessment-results-list - OSCALPlanOfActionAndMilestonesEntry: - type: object - properties: - plan-of-action-and-milestones-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALPlanOfActionAndMilestonesEntryXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - xml: - name: plan-of-action-and-milestones-list - OSCALProfilesEntries: - type: object - properties: - profile-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALComponentDefinitionsEntries: - type: object - properties: - component-definition-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALPlanOfActionAndMilestonesListEntries: - type: object - properties: - plan-of-action-and-milestones-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALAssessmentResultsListEntries: - type: object - properties: - assessment-results-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALAssessmentPlansEntries: - type: object - properties: - assessment-plan-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - 
OSCALSystemSecurityPlansEntries: - type: object - properties: - system-security-plan-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALCatalogsEntries: - type: object - properties: - catalog-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelEntry' - OSCALResolvedSnapshotsSnapshots: - type: object - properties: - resolved-snapshot-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALResolvedSnapshotsSnapshotsXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - xml: - name: resolved-snapshot-list - OSCALCatalogsSnapshots: - type: object - properties: - catalog-snapshot-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALCatalogsSnapshotsXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - xml: - name: catalog-snapshot-list - OSCALCatalogSnapshot: - type: object - properties: - catalog-snapshot: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALProfilesSnapshots: - type: object - properties: - profile-snapshot-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALProfilesSnapshotsXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - xml: - name: profile-snapshot-list - OSCALProfileSnapshot: - type: object - properties: - profile-snapshot: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALSystemSecurityPlansSnapshots: - type: object - properties: - system-security-plan-snapshot-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALSystemSecurityPlansSnapshotsXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - xml: - name: system-security-plan-snapshot-list - OSCALAttachmentNoBase64: - type: object - properties: - resource-uuid: - type: string - pattern: 
"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - file-name: - type: string - media-type: - type: string - title: - type: string - published: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" - remarks: - type: string - OSCALResource: - type: object - properties: - resource: - properties: - uuid: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - title: - type: string - description: - type: string - document-ids: - type: array - items: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" - citation: - $ref: "#/components/schemas/OSCALCitation" - rlinks: - $ref: "#/components/schemas/OSCALRLinks" - base64: - $ref: "#/components/schemas/OSCALBase64" - remarks: - $ref: "#/components/schemas/OSCALRemarks" - OSCALResourceXML: - type: object - properties: - uuid: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - title: - type: string - description: - type: string - document-ids: - type: array - items: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" - citation: - $ref: "#/components/schemas/OSCALCitation" - rlinks: - $ref: "#/components/schemas/OSCALRLinks" - base64: - $ref: "#/components/schemas/OSCALBase64" - remarks: - $ref: "#/components/schemas/OSCALRemarks" - xml: - name: resource - OSCALCitation: - type: object - properties: - text: - type: string - props: - $ref: "#/components/schemas/OSCALProps" - links: - $ref: "#/components/schemas/OSCALLinks" - OSCALLink: - type: object - properties: - link: - $ref: - 
"https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-metadata_link" - OSCALLinks: - type: object - properties: - links: - type: array - items: - $ref: "#/components/schemas/OSCALLink" - - OSCALProp: - type: object - properties: - prop: - $ref: - "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-metadata_property" - OSCALProps: - type: object - properties: - props: - type: array - items: - $ref: "#/components/schemas/OSCALProp" - OSCALRLinks: - type: object - properties: - rlinks: - type: array - items: - $ref: "#/components/schemas/OSCALRLink" - OSCALRLink: - type: object - properties: - href: - type: string - format: uri-reference - media-type: - type: string - pattern: "^\\S(.*\\S)?$" - hashes: - $ref: "#/components/schemas/OSCALHashes" - OSCALHash: - type: object - properties: - hash: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_hash" - OSCALHashes: - type: object - properties: - hashes: - type: array - items: - $ref: "#/components/schemas/OSCALHash" - OSCALBase64: - type: object - properties: - filename: - type: string - format: uri-reference - media-type: - type: string - pattern: "^\\S(.*\\S)?$" - value: - type: string - OSCALRemarks: - type: object - properties: - remarks: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks" - OSCALAttachment: - $ref: "#/components/schemas/OSCALResource" - OSCALAttachment64: - type: object - properties: - file: - properties: - resource-uuid: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - name: - type: string - media-type: - type: string - 
attachment-binary: - type: string - format: binary - OSCALModelSnapshotEntry: - type: object - properties: - file-id: - type: string - pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - title: - type: string - published: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" - last-modified: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_last-modified" - version: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_version" - oscal-version: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_oscal-version" - document-ids: - type: array - items: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" - markings: - type: array - items: - type: string - status: - type: string - remarks: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks" - snapshot: - type: object - properties: - created: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" - description: - type: string - labels: - type: array - items: - $ref: "#/components/schemas/Token" - types: - type: array - items: - $ref: "#/components/schemas/Token" - OSCALModelEntry: - type: object - properties: - file-id: - type: string - pattern: 
"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" - title: - type: string - published: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" - last-modified: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_last-modified" - version: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_version" - oscal-version: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_oscal-version" - document-ids: - type: array - items: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" - markings: - type: array - items: - type: string - remarks: - $ref: "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks" - OSCALSystemSecurityPlanSnapshot: - type: object - properties: - system-security-plan-snapshot: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALAssessmentPlansSnapshots: - type: object - properties: - assessment-plan-snapshot-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALAssessmentPlanSnapshot: - type: object - properties: - assessment-snapshot: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALAssessmentPlansSnapshotsXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - xml: - name: assessment-plan-snapshot-list - OSCALComponentDefinitionsSnapshots: - type: object - properties: - 
component-definition-snapshot-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALComponentDefinitionsSnapshotsXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - xml: - name: component-definition-snapshot-list - OSCALComponentDefinitionSnapshot: - type: object - properties: - component-definition-snapshot: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALAssessmentResultsListSnapshots: - type: object - properties: - assessment-results-snapshot-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALAssessmentResultsListSnapshotsXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - xml: - name: assessment-results-snapshot-list - OSCALAssessmentResultsSnapshot: - type: object - properties: - assessment-results-snapshot: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALPlanOfActionAndMilestonesListSnapshots: - type: object - properties: - plan-of-action-and-milestones-list: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - OSCALPlanOfActionAndMilestonesListSnapshotsXML: - type: array - items: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - xml: - name: plan-of-action-and-milestones-list - OSCALPlanOfActionAndMilestonesSnapshot: - type: object - properties: - plan-of-action-and-milestones-snapshot: - $ref: '#/components/schemas/OSCALModelSnapshotEntry' - Token: - type: string - minLength: 1 - maxLength: 72 - pattern: "^(\\p{Ll}|_)(\\p{L}|\\p{N}|[.\\-_])*$" - DocId: - type: string - minLength: 1 - maxLength: 72 - pattern: ^(\p{Ll}|_)(\p{L}|\p{N}|[.\-_])*$ - securitySchemes: - oscal_auth: - type: oauth2 - flows: - implicit: - authorizationUrl: https://localhost/oauth/dialog - scopes: - write:catalog: modify catalogs in your account - read:catalog: read your catalogs - write:profile: modify profiles in your account - read:profile: read your profiles - 
write:componentDefinition: modify component definitions in your account
- read:componentDefinition: read your component definitions
- write:systemSecurityPlan: modify system security plans in your account
- read:systemSecurityPlan: read your system security plans
- write:party: modify parties in your account
- read:party: read your parties
- write:poam: modify poams in your account
- read:poam: read your poams
- write:assessmentPlan: modify assessment plans in your account
- read:assessmentPlan: read your assessment plans
- write:assessmentResults: modify assessment results in your account
- read:assessmentResults: read your assessment results
- write:implementedRequirement: modify implemented requirements in your
- account
- read:implementedRequirement: read your implemented requirements
- write:metadata: modify metadata in your account
- read:metadata: read your metadata
- write:backmatter: modify back-matter in your account
- read:backmatter: read your back-matter
- write:systemCharacteristics: modify system characteristics in your account
- read:systemCharacteristics: read your system characteristics
- write:systemImplementation: modify system Implementation in your account
- read:systemImplementation: read your system Implementation
- write:controlImplementation: modify control Implementation in your account
- read:controlImplementation: read your control Implementation
- write:importProfile: modify import-profiles in your account
- read:importProfile: read your import-profiles
diff --git a/README.md b/README.md
index 44957e5..fa844cd 100644
--- a/README.md
+++ b/README.md
@@ -1,30 +1,57 @@ # OSCAL REST API Definition -A draft proposal from [Easy Dynamics](https://www.easydynamics.com) of an [OpenAPI](https://www.openapis.org/) -REST specification for interacting with [OSCAL](https://pages.nist.gov/OSCAL/) models. +This is an open-source REST API specification for exchanging [OSCAL](https://pages.nist.gov/OSCAL/) content between tools and organizations. -Standardized data models like OSCAL lay the groundwork for interoperability of systems, and an ecosystem of -meaningful integrations can be brought to life through a standardized REST API. That interface needs to define -simple CRUD operations, but should also describe how to manipulate relationships and make partial changes. +The _OSCAL REST OpenAPI Specification_ addresses OSCAL XML, JSON and YAML content for all seven OSCAL models. Each OSCAL model has a primary set of REST API methods and endpoints for the OSCAL content itself, as well as methods and endpoints for snapshots and attachments. OSCAL profiles also have methods and endpoints for live profile resolution and snapshots of resolved profiles. -Such an API will likely see the most success across various vendors and projects when maintained by a -standards body or community, and we're looking to get that conversation started with this effort. +The _OSCAL REST OpenAPI Specification_ is expressed using [OpenAPI](https://www.openapis.org/) 3.1. -## Viewing / Editing +For more information, vist and bookmark [https://docs.oscal.io/docs/oscal-rest-openapi](https://docs.oscal.io/docs/oscal-rest-openapi) + +## Conventions and Organization + +All endpoint syntax is provided as: + +|`METHOD /{model-name}`
`METHOD /{model-name}/{identifier}`
`METHOD /{model-name}/{identifier}/snapshot`
`METHOD /{model-name}/{identifier}/snapshot/{identifier}`
`METHOD /{model-name}/{identifier}/attachment`
`METHOD /{model-name}/{identifier}/attachment/{resource-uuid}`
`METHOD /{model-name}/{identifier}/attachment/{resource-uuid}/resource`| +|:--- | + +The `{model-name}` is always one of the seven root-level OSCAL model names exactly as they are defined in the OSCAL syntax. Simply replace `{model-name}` with one of the following: + +- `catalog` +- `profile` +- `component-definition` +- `system-security-plan` +- `assessment plan` +- `assessment-results` +- `plan-of-action-and-milestones` + +Profiles have additional endpoints related to profile resolution: -You can use a Swagger Editor, [local](https://github.com/swagger-api/swagger-editor) (Docker works great) or -[online](https://editor.swagger.io/?url=https://raw.githubusercontent.com/EasyDynamics/oscal-rest/develop/openapi.yaml) -to view the specification: +|`METHOD /profile/{identifier}/resolved-catalog`
`METHOD /profile/{identifier}/resolved-snapshot`
`METHOD /profile/{identifier}/resolved-snapshot/{identifier}`| +|:--- | + +## Known Issue: XML Expression + +When the specification calls for OSCAL content to be accepted or returned, the content must be fully OSCAL valid. Even if the specification shows a non-compliant schema or example. + +There is a known-issue that prevents proper expression of OSCAL XML content in OpenAPI. + +XML elements have both _attributes_ and _children_. JSON elements only have _children_. There is no way to specify an element _attribute_ using a JSON schema. + +All versions of the OpenAPI specification, up to and including 3.1, only accept JSON schema definitions. As a result all OpenAPI viewers and code generators incorrectly represent OSCAL XML element _attributes_ as element _children_. + +## Viewing / Editing -![OSCSAL REST Swagger Screenshot](docs/resources/swagger-editor-oscal-screenshot.png) +The proposed OSCAL REST OpenAPI specification is expressed using the OpenAPI 3.1 standard: +[RAW](OSCALRestOpenAPI.json) | [VIEWER](https://raw.githack.com/EasyDynamics/oscal-rest/develop/viewer/index.html?url=https://raw.githubusercontent.com/EasyDynamics/oscal-rest/develop/OSCALRestOpenAPI.json) -## Linting & Testing -1. Install [`yamllint`](https://github.com/adrienverge/yamllint) -2. Run `yamllint -c .yamllint.yaml .` - - This will lint all `.yaml` files +## Contributing and Feedback -## Contributing +If you have feedback, please consider one of the following options: +- Add a comment to an [existing issue](https://github.com/EasyDynamics/oscal-rest/issues); +- If you don't see an appropriate existing issue, create a [new issue](https://github.com/EasyDynamics/oscal-rest/issues/new); or +- send a message to us: [oscal@oscal.io](mailto:oscal@oscal.io). For the process of Contributing to the project, please review [CONTRIBUTING.md](https://github.com/EasyDynamics/.github/blob/main/CONTRIBUTING.md)