Skip to content

poam

trestle.oscal.poam ¤

Classes¤

LocalDefinitions (OscalBaseModel) pydantic-model ¤

Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.

Source code in trestle/oscal/poam.py 
class LocalDefinitions(OscalBaseModel):
    """
    Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.
    """

    class Config:
        extra = Extra.forbid

    components: Optional[List[common.SystemComponent]] = Field(None)
    inventory_items: Optional[List[common.InventoryItem]] = Field(None, alias='inventory-items')
    assessment_assets: Optional[common.AssessmentAssets] = Field(None, alias='assessment-assets')
    remarks: Optional[str] = None
__class_vars__ special ¤
__custom_root_type__ special ¤
__doc__ special ¤
__exclude_fields__ special ¤
__fields__ special ¤
__include_fields__ special ¤
__post_root_validators__ special ¤
__pre_root_validators__ special ¤
__private_attributes__ special ¤
__schema_cache__ special ¤
__signature__ special ¤
__slots__: Tuple[str, ...] special ¤
__validators__ special ¤
assessment_assets: AssessmentAssets pydantic-field ¤
components: List[trestle.oscal.common.SystemComponent] pydantic-field ¤
inventory_items: List[trestle.oscal.common.InventoryItem] pydantic-field ¤
remarks: str pydantic-field ¤
Config ¤
Source code in trestle/oscal/poam.py 
class Config:
    extra = Extra.forbid

Model (OscalBaseModel) pydantic-model ¤

Source code in trestle/oscal/poam.py 
class Model(OscalBaseModel):
    plan_of_action_and_milestones: PlanOfActionAndMilestones = Field(..., alias='plan-of-action-and-milestones')
__class_vars__ special ¤
__custom_root_type__ special ¤
__doc__ special ¤
__exclude_fields__ special ¤
__fields__ special ¤
__include_fields__ special ¤
__post_root_validators__ special ¤
__pre_root_validators__ special ¤
__private_attributes__ special ¤
__schema_cache__ special ¤
__signature__ special ¤
__slots__: Tuple[str, ...] special ¤
__validators__ special ¤
plan_of_action_and_milestones: PlanOfActionAndMilestones pydantic-field required ¤

Origination (OscalBaseModel) pydantic-model ¤

Identifies the source of the finding, such as a tool or person.

Source code in trestle/oscal/poam.py 
class Origination(OscalBaseModel):
    """
    Identifies the source of the finding, such as a tool or person.
    """

    class Config:
        extra = Extra.forbid

    actors: List[common.OriginActor] = Field(...)
__class_vars__ special ¤
__custom_root_type__ special ¤
__doc__ special ¤
__exclude_fields__ special ¤
__fields__ special ¤
__include_fields__ special ¤
__post_root_validators__ special ¤
__pre_root_validators__ special ¤
__private_attributes__ special ¤
__schema_cache__ special ¤
__signature__ special ¤
__slots__: Tuple[str, ...] special ¤
__validators__ special ¤
actors: List[trestle.oscal.common.OriginActor] pydantic-field required ¤
Config ¤
Source code in trestle/oscal/poam.py 
class Config:
    extra = Extra.forbid

PlanOfActionAndMilestones (OscalBaseModel) pydantic-model ¤

A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.

Source code in trestle/oscal/poam.py 
class PlanOfActionAndMilestones(OscalBaseModel):
    """
    A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='POA&M Universally Unique Identifier'
    )
    metadata: common.Metadata
    import_ssp: Optional[common.ImportSsp] = Field(None, alias='import-ssp')
    system_id: Optional[common.SystemId] = Field(None, alias='system-id')
    local_definitions: Optional[LocalDefinitions] = Field(None, alias='local-definitions')
    observations: Optional[List[common.Observation]] = Field(None)
    risks: Optional[List[common.Risk]] = Field(None)
    findings: Optional[List[common.Finding]] = Field(None)
    poam_items: List[PoamItem] = Field(..., alias='poam-items')
    back_matter: Optional[common.BackMatter] = Field(None, alias='back-matter')
Attributes¤
__class_vars__ special ¤
__custom_root_type__ special ¤
__doc__ special ¤
__exclude_fields__ special ¤
__fields__ special ¤
__include_fields__ special ¤
__post_root_validators__ special ¤
__pre_root_validators__ special ¤
__private_attributes__ special ¤
__schema_cache__ special ¤
__signature__ special ¤
__slots__: Tuple[str, ...] special ¤
__validators__ special ¤
back_matter: BackMatter pydantic-field ¤
findings: List[trestle.oscal.common.Finding] pydantic-field ¤
import_ssp: ImportSsp pydantic-field ¤
local_definitions: LocalDefinitions pydantic-field ¤
metadata: Metadata pydantic-field required ¤
observations: List[trestle.oscal.common.Observation] pydantic-field ¤
poam_items: List[trestle.oscal.poam.PoamItem] pydantic-field required ¤
risks: List[trestle.oscal.common.Risk] pydantic-field ¤
system_id: SystemId pydantic-field ¤
uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py 
class Config:
    extra = Extra.forbid

PoamItem (OscalBaseModel) pydantic-model ¤

Describes an individual POA&M item.

Source code in trestle/oscal/poam.py 
class PoamItem(OscalBaseModel):
    """
    Describes an individual POA&M item.
    """

    class Config:
        extra = Extra.forbid

    uuid: Optional[constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    )] = Field(
        None,
        description=
        'A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='POA&M Item Universally Unique Identifier'
    )
    title: str = Field(..., description='The title or name for this POA&M item .', title='POA&M Item Title')
    description: str = Field(
        ..., description='A human-readable description of POA&M item.', title='POA&M Item Description'
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    related_findings: Optional[List[RelatedFinding]] = Field(None, alias='related-findings')
    related_observations: Optional[List[common.RelatedObservation]] = Field(None, alias='related-observations')
    related_risks: Optional[List[common.RelatedRisk]] = Field(None, alias='related-risks')
    remarks: Optional[str] = None
    origins: Optional[List[Origination]] = Field(None)
Attributes¤
__class_vars__ special ¤
__custom_root_type__ special ¤
__doc__ special ¤
__exclude_fields__ special ¤
__fields__ special ¤
__include_fields__ special ¤
__post_root_validators__ special ¤
__pre_root_validators__ special ¤
__private_attributes__ special ¤
__schema_cache__ special ¤
__signature__ special ¤
__slots__: Tuple[str, ...] special ¤
__validators__ special ¤
description: str pydantic-field required ¤

A human-readable description of POA&M item.

origins: List[trestle.oscal.poam.Origination] pydantic-field ¤
props: List[trestle.oscal.common.Property] pydantic-field ¤
related_findings: List[trestle.oscal.poam.RelatedFinding] pydantic-field ¤
related_observations: List[trestle.oscal.common.RelatedObservation] pydantic-field ¤
related_risks: List[trestle.oscal.common.RelatedRisk] pydantic-field ¤
remarks: str pydantic-field ¤
title: str pydantic-field required ¤

The title or name for this POA&M item .

uuid: ConstrainedStrValue pydantic-field ¤

A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

Config ¤
Source code in trestle/oscal/poam.py 
class Config:
    extra = Extra.forbid

RelatedFinding (OscalBaseModel) pydantic-model ¤

Relates the finding to referenced finding(s).

Source code in trestle/oscal/poam.py 
class RelatedFinding(OscalBaseModel):
    """
    Relates the finding to referenced finding(s).
    """

    class Config:
        extra = Extra.forbid

    finding_uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        alias='finding-uuid',
        description='A machine-oriented identifier reference to a finding defined in the list of findings.',
        title='Finding Universally Unique Identifier Reference'
    )
Attributes¤
__class_vars__ special ¤
__custom_root_type__ special ¤
__doc__ special ¤
__exclude_fields__ special ¤
__fields__ special ¤
__include_fields__ special ¤
__post_root_validators__ special ¤
__pre_root_validators__ special ¤
__private_attributes__ special ¤
__schema_cache__ special ¤
__signature__ special ¤
__slots__: Tuple[str, ...] special ¤
__validators__ special ¤
finding_uuid: ConstrainedStrValue pydantic-field required ¤

A machine-oriented identifier reference to a finding defined in the list of findings.

Config ¤
Source code in trestle/oscal/poam.py 
class Config:
    extra = Extra.forbid

handler: python