Skip to content

trestle.oscal.poam

trestle.oscal.poam ¤

Attributes¤

Classes¤

LocalDefinitions ¤

Bases: OscalBaseModel

Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.

Source code in trestle/oscal/poam.py 
43
44
45
46
47
48
49
50
51
52
53
54
class LocalDefinitions(OscalBaseModel):
    """
    Allows components, and inventory-items to be defined within the POA&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA&M.
    """

    class Config:
        extra = Extra.forbid

    components: Optional[List[common.SystemComponent]] = Field(None)
    inventory_items: Optional[List[common.InventoryItem]] = Field(None, alias='inventory-items')
    assessment_assets: Optional[common.AssessmentAssets] = Field(None, alias='assessment-assets')
    remarks: Optional[str] = None
Attributes¤
assessment_assets = Field(None, alias='assessment-assets') class-attribute instance-attribute ¤
components = Field(None) class-attribute instance-attribute ¤
inventory_items = Field(None, alias='inventory-items') class-attribute instance-attribute ¤
remarks = None class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/poam.py 
48
49
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

Model ¤

Bases: OscalBaseModel

Source code in trestle/oscal/poam.py 
142
143
class Model(OscalBaseModel):
    plan_of_action_and_milestones: PlanOfActionAndMilestones = Field(..., alias='plan-of-action-and-milestones')
Attributes¤
plan_of_action_and_milestones = Field(..., alias='plan-of-action-and-milestones') class-attribute instance-attribute ¤

Origination ¤

Bases: OscalBaseModel

Identifies the source of the finding, such as a tool or person.

Source code in trestle/oscal/poam.py 
57
58
59
60
61
62
63
64
65
class Origination(OscalBaseModel):
    """
    Identifies the source of the finding, such as a tool or person.
    """

    class Config:
        extra = Extra.forbid

    actors: List[common.OriginActor] = Field(...)
Attributes¤
actors = Field(...) class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/poam.py 
62
63
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

PlanOfActionAndMilestones ¤

Bases: OscalBaseModel

A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.

Source code in trestle/oscal/poam.py 
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
class PlanOfActionAndMilestones(OscalBaseModel):
    """
    A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        description=
        'A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='POA&M Universally Unique Identifier'
    )
    metadata: common.Metadata
    import_ssp: Optional[common.ImportSsp] = Field(None, alias='import-ssp')
    system_id: Optional[common.SystemId] = Field(None, alias='system-id')
    local_definitions: Optional[LocalDefinitions] = Field(None, alias='local-definitions')
    observations: Optional[List[common.Observation]] = Field(None)
    risks: Optional[List[common.Risk]] = Field(None)
    findings: Optional[List[common.Finding]] = Field(None)
    poam_items: List[PoamItem] = Field(..., alias='poam-items')
    back_matter: Optional[common.BackMatter] = Field(None, alias='back-matter')
Attributes¤
back_matter = Field(None, alias='back-matter') class-attribute instance-attribute ¤
findings = Field(None) class-attribute instance-attribute ¤
import_ssp = Field(None, alias='import-ssp') class-attribute instance-attribute ¤
local_definitions = Field(None, alias='local-definitions') class-attribute instance-attribute ¤
metadata instance-attribute ¤
observations = Field(None) class-attribute instance-attribute ¤
poam_items = Field(..., alias='poam-items') class-attribute instance-attribute ¤
risks = Field(None) class-attribute instance-attribute ¤
system_id = Field(None, alias='system-id') class-attribute instance-attribute ¤
uuid = Field(..., description='A machine-oriented, globally unique identifier with instancescope that can be used to reference this POA&M instance in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.', title='POA&M Universally Unique Identifier') class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/poam.py 
120
121
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

PoamItem ¤

Bases: OscalBaseModel

Describes an individual POA&M item.

Source code in trestle/oscal/poam.py 
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
class PoamItem(OscalBaseModel):
    """
    Describes an individual POA&M item.
    """

    class Config:
        extra = Extra.forbid

    uuid: Optional[constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    )] = Field(
        None,
        description=
        'A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='POA&M Item Universally Unique Identifier'
    )
    title: str = Field(..., description='The title or name for this POA&M item .', title='POA&M Item Title')
    description: str = Field(
        ..., description='A human-readable description of POA&M item.', title='POA&M Item Description'
    )
    props: Optional[List[common.Property]] = Field(None)
    links: Optional[List[common.Link]] = Field(None)
    related_findings: Optional[List[RelatedFinding]] = Field(None, alias='related-findings')
    related_observations: Optional[List[common.RelatedObservation]] = Field(None, alias='related-observations')
    related_risks: Optional[List[common.RelatedRisk]] = Field(None, alias='related-risks')
    remarks: Optional[str] = None
    origins: Optional[List[Origination]] = Field(None)
Attributes¤
description = Field(..., description='A human-readable description of POA&M item.', title='POA&M Item Description') class-attribute instance-attribute ¤
origins = Field(None) class-attribute instance-attribute ¤
props = Field(None) class-attribute instance-attribute ¤
related_findings = Field(None, alias='related-findings') class-attribute instance-attribute ¤
related_observations = Field(None, alias='related-observations') class-attribute instance-attribute ¤
related_risks = Field(None, alias='related-risks') class-attribute instance-attribute ¤
remarks = None class-attribute instance-attribute ¤
title = Field(..., description='The title or name for this POA&M item .', title='POA&M Item Title') class-attribute instance-attribute ¤
uuid = Field(None, description='A machine-oriented, globally unique identifier with instance scope that can be used to reference this POA&M item entry in this OSCAL instance. This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.', title='POA&M Item Universally Unique Identifier') class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/poam.py 
91
92
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

RelatedFinding ¤

Bases: OscalBaseModel

Relates the finding to referenced finding(s).

Source code in trestle/oscal/poam.py 
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
class RelatedFinding(OscalBaseModel):
    """
    Relates the finding to referenced finding(s).
    """

    class Config:
        extra = Extra.forbid

    finding_uuid: constr(
        regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$'
    ) = Field(
        ...,
        alias='finding-uuid',
        description='A machine-oriented identifier reference to a finding defined in the list of findings.',
        title='Finding Universally Unique Identifier Reference'
    )
Attributes¤
finding_uuid = Field(..., alias='finding-uuid', description='A machine-oriented identifier reference to a finding defined in the list of findings.', title='Finding Universally Unique Identifier Reference') class-attribute instance-attribute ¤
Classes¤
Config ¤
Source code in trestle/oscal/poam.py 
73
74
class Config:
    extra = Extra.forbid
Attributes¤
extra = Extra.forbid class-attribute instance-attribute ¤

handler: python