Skip to content

assessment_results

trestle.oscal.assessment_results ¤

Attributes¤

Classes¤

AssessmentLog ¤

Bases: OscalBaseModel

A log of all assessment-related actions taken.

Source code in trestle/oscal/assessment_results.py 
135
136
137
138
139
140
141
142
143
class AssessmentLog(OscalBaseModel):
    """
    A log of all assessment-related actions taken.
    """

    class Config:
        extra = Extra.forbid

    entries: List[Entry1] = Field(...)
Attributes¤
entries: List[Entry1] = Field(...) class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/assessment_results.py 
140
141
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

AssessmentResults ¤

Bases: OscalBaseModel

Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.

Source code in trestle/oscal/assessment_results.py 
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
class AssessmentResults(OscalBaseModel):
    """
    Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Assessment Results Universally Unique Identifier',
    )
    metadata: common.Metadata
    import_ap: ImportAp = Field(..., alias='import-ap')
    local_definitions: Optional[LocalDefinitions] = Field(
        None,
        alias='local-definitions',
        description=
        'Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.',
        title='Local Definitions'
    )
    results: List[Result] = Field(...)
    back_matter: Optional[common.BackMatter] = Field(None, alias='back-matter')
Attributes¤
back_matter: Optional[common.BackMatter] = Field(None, alias='back-matter') class-attribute instance-attribute ¤
import_ap: ImportAp = Field(..., alias='import-ap') class-attribute instance-attribute ¤
local_definitions: Optional[LocalDefinitions] = Field(None, alias='local-definitions', description='Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.', title='Local Definitions') class-attribute instance-attribute ¤
metadata: common.Metadata instance-attribute ¤
results: List[Result] = Field(...) class-attribute instance-attribute ¤
uuid: constr(regex='^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$') = Field(..., description='A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.', title='Assessment Results Universally Unique Identifier') class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/assessment_results.py 
205
206
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

Attestation ¤

Bases: OscalBaseModel

A set of textual statements, typically written by the assessor.

Source code in trestle/oscal/assessment_results.py 
123
124
125
126
127
128
129
130
131
132
class Attestation(OscalBaseModel):
    """
    A set of textual statements, typically written by the assessor.
    """

    class Config:
        extra = Extra.forbid

    responsible_parties: Optional[List[common.ResponsibleParty]] = Field(None, alias='responsible-parties')
    parts: List[common.AssessmentPart] = Field(...)
Attributes¤
parts: List[common.AssessmentPart] = Field(...) class-attribute instance-attribute ¤
responsible_parties: Optional[List[common.ResponsibleParty]] = Field(None, alias='responsible-parties') class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/assessment_results.py 
128
129
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

Entry1 ¤

Bases: OscalBaseModel

Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.

Source code in trestle/oscal/assessment_results.py 
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
class Entry1(OscalBaseModel):
    """
    Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Assessment Log Entry Universally Unique Identifier',
    )
    title: Optional[str] = Field(None, description='The title for this event.', title='Action Title')
    description: Optional[str] = Field(
        None, description='A human-readable description of this event.', title='Action Description'
    )
    start: datetime = Field(..., description='Identifies the start date and time of an event.', title='Start')
    end: Optional[datetime] = Field(
        None,
        description=
        'Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.',
        title='End'
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    logged_by: Optional[List[common.LoggedBy]] = Field(None, alias='logged-by')
    related_tasks: Optional[List[common.RelatedTask]] = Field(None, alias='related-tasks')
    remarks: Optional[str] = None
Attributes¤
description: Optional[str] = Field(None, description='A human-readable description of this event.', title='Action Description') class-attribute instance-attribute ¤
end: Optional[datetime] = Field(None, description='Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.', title='End') class-attribute instance-attribute ¤
logged_by: Optional[List[common.LoggedBy]] = Field(None, alias='logged-by') class-attribute instance-attribute ¤
props: Optional[List[common.Property]] = Field(None) class-attribute instance-attribute ¤
related_tasks: Optional[List[common.RelatedTask]] = Field(None, alias='related-tasks') class-attribute instance-attribute ¤
remarks: Optional[str] = None class-attribute instance-attribute ¤
start: datetime = Field(..., description='Identifies the start date and time of an event.', title='Start') class-attribute instance-attribute ¤
title: Optional[str] = Field(None, description='The title for this event.', title='Action Title') class-attribute instance-attribute ¤
uuid: constr(regex='^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$') = Field(..., description='A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.', title='Assessment Log Entry Universally Unique Identifier') class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/assessment_results.py 
94
95
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

ImportAp ¤

Bases: OscalBaseModel

Used by assessment-results to import information about the original plan for assessing the system.

Source code in trestle/oscal/assessment_results.py 
73
74
75
76
77
78
79
80
81
82
83
84
85
86
class ImportAp(OscalBaseModel):
    """
    Used by assessment-results to import information about the original plan for assessing the system.
    """

    class Config:
        extra = Extra.forbid

    href: str = Field(
        ...,
        description='A resolvable URL reference to the assessment plan governing the assessment activities.',
        title='Assessment Plan Reference'
    )
    remarks: Optional[str] = None
Attributes¤
href: str = Field(..., description='A resolvable URL reference to the assessment plan governing the assessment activities.', title='Assessment Plan Reference') class-attribute instance-attribute ¤
remarks: Optional[str] = None class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/assessment_results.py 
78
79
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

LocalDefinitions ¤

Bases: OscalBaseModel

Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.

Source code in trestle/oscal/assessment_results.py 
60
61
62
63
64
65
66
67
68
69
70
class LocalDefinitions(OscalBaseModel):
    """
    Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
    """

    class Config:
        extra = Extra.forbid

    objectives_and_methods: Optional[List[common.LocalObjective]] = Field(None, alias='objectives-and-methods')
    activities: Optional[List[common.Activity]] = Field(None)
    remarks: Optional[str] = None
Attributes¤
activities: Optional[List[common.Activity]] = Field(None) class-attribute instance-attribute ¤
objectives_and_methods: Optional[List[common.LocalObjective]] = Field(None, alias='objectives-and-methods') class-attribute instance-attribute ¤
remarks: Optional[str] = None class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/assessment_results.py 
65
66
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

LocalDefinitions1 ¤

Bases: OscalBaseModel

Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.

Source code in trestle/oscal/assessment_results.py 
45
46
47
48
49
50
51
52
53
54
55
56
57
class LocalDefinitions1(OscalBaseModel):
    """
    Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
    """

    class Config:
        extra = Extra.forbid

    components: Optional[List[common.SystemComponent]] = Field(None)
    inventory_items: Optional[List[common.InventoryItem]] = Field(None, alias='inventory-items')
    users: Optional[List[common.SystemUser]] = Field(None)
    assessment_assets: Optional[common.AssessmentAssets] = Field(None, alias='assessment-assets')
    tasks: Optional[List[common.Task]] = Field(None)
Attributes¤
assessment_assets: Optional[common.AssessmentAssets] = Field(None, alias='assessment-assets') class-attribute instance-attribute ¤
components: Optional[List[common.SystemComponent]] = Field(None) class-attribute instance-attribute ¤
inventory_items: Optional[List[common.InventoryItem]] = Field(None, alias='inventory-items') class-attribute instance-attribute ¤
tasks: Optional[List[common.Task]] = Field(None) class-attribute instance-attribute ¤
users: Optional[List[common.SystemUser]] = Field(None) class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/assessment_results.py 
50
51
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

Model ¤

Bases: OscalBaseModel

Source code in trestle/oscal/assessment_results.py 
229
230
class Model(OscalBaseModel):
    assessment_results: AssessmentResults = Field(..., alias='assessment-results')
Attributes¤
assessment_results: AssessmentResults = Field(..., alias='assessment-results') class-attribute instance-attribute ¤

Result ¤

Bases: OscalBaseModel

Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.

Source code in trestle/oscal/assessment_results.py 
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
class Result(OscalBaseModel):
    """
    Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Results Universally Unique Identifier',
    )
    title: str = Field(..., description='The title for this set of results.', title='Results Title')
    description: str = Field(
        ..., description='A human-readable description of this set of test results.', title='Results Description'
    )
    start: datetime = Field(
        ...,
        description='Date/time stamp identifying the start of the evidence collection reflected in these results.',
        title='start field'
    )
    end: Optional[datetime] = Field(
        None,
        description=
        'Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.',
        title='end field'
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    local_definitions: Optional[LocalDefinitions1] = Field(
        None,
        alias='local-definitions',
        description=
        'Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.',
        title='Local Definitions'
    )
    reviewed_controls: common.ReviewedControls = Field(..., alias='reviewed-controls')
    attestations: Optional[List[Attestation]] = Field(None)
    assessment_log: Optional[AssessmentLog] = Field(
        None,
        alias='assessment-log',
        description='A log of all assessment-related actions taken.',
        title='Assessment Log'
    )
    observations: Optional[List[common.Observation]] = Field(None)
    risks: Optional[List[common.Risk]] = Field(None)
    findings: Optional[List[common.Finding]] = Field(None)
    remarks: Optional[str] = None
Attributes¤
assessment_log: Optional[AssessmentLog] = Field(None, alias='assessment-log', description='A log of all assessment-related actions taken.', title='Assessment Log') class-attribute instance-attribute ¤
attestations: Optional[List[Attestation]] = Field(None) class-attribute instance-attribute ¤
description: str = Field(..., description='A human-readable description of this set of test results.', title='Results Description') class-attribute instance-attribute ¤
end: Optional[datetime] = Field(None, description='Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.', title='end field') class-attribute instance-attribute ¤
findings: Optional[List[common.Finding]] = Field(None) class-attribute instance-attribute ¤
local_definitions: Optional[LocalDefinitions1] = Field(None, alias='local-definitions', description='Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.', title='Local Definitions') class-attribute instance-attribute ¤
observations: Optional[List[common.Observation]] = Field(None) class-attribute instance-attribute ¤
props: Optional[List[common.Property]] = Field(None) class-attribute instance-attribute ¤
remarks: Optional[str] = None class-attribute instance-attribute ¤
reviewed_controls: common.ReviewedControls = Field(..., alias='reviewed-controls') class-attribute instance-attribute ¤
risks: Optional[List[common.Risk]] = Field(None) class-attribute instance-attribute ¤
start: datetime = Field(..., description='Date/time stamp identifying the start of the evidence collection reflected in these results.', title='start field') class-attribute instance-attribute ¤
title: str = Field(..., description='The title for this set of results.', title='Results Title') class-attribute instance-attribute ¤
uuid: constr(regex='^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$') = Field(..., description='A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.', title='Results Universally Unique Identifier') class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/assessment_results.py 
151
152
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

handler: python