{ "openapi": "3.0.0", "info": { "title": "OSCAL REST", "description": "This is an open-source REST API specification for exchanging [OSCAL](https://pages.nist.gov/OSCAL/) content between tools and organizations.\n\nThe _OSCAL REST OpenAPI Specification_ addresses OSCAL XML, JSON and YAML content for all seven OSCAL models. Each OSCAL model has a primary set of REST API methods and endpoints for the OSCAL content itself, as well as methods and endpoints for snapshots and attachments. OSCAL profiles also have methods and endpoints for live profile resolution and snapshots of resolved profiles.\n\nFor an overview and more information, visit [https://docs.oscal.io/docs/oscal-rest-openapi](https://docs.oscal.io/docs/oscal-rest-openapi)\n\n---\n\n**Known-Issue: OSCAL XML Representation**\n\nThere is a [known-issue](https://github.com/OAI/OpenAPI-Specification/issues/630) that prevents proper expression of OSCAL XML in OpenAPI.\n\nWhen the specification calls for OSCAL content to be accepted or returned, the content must be fully valid OSCAL, even if the specification shows a non-compliant schema or example.", "contact": { "name" : "OSCAL Community", "email": "oscal@oscal.io", "url" : "https://docs.oscal.io/docs/oscal-rest-openapi" }, "license" : { "name" : "Creative Commons Attribution Share Alike 4.0 International", "url" : "https://github.com/EasyDynamics/oscal-rest/blob/develop/LICENSE" }, "version": "1.0.1" }, "externalDocs": { "description": "Find out more about OSCAL", "url": "https://pages.nist.gov/OSCAL" }, "servers": [ { "url": "http://localhost:8080/oscal/v1", "description": "A sample target host that assumes the implementation is running locally. Replace this with the URL to your implementation. Consider including `/oscal/v1` as part of the implementation's root URL." 
} ], "tags": [ { "name": "Catalog", "description": "OSCAL Catalog Methods and Endpoints.", "externalDocs": { "description": "OSCAL Catalog Model", "url": "https://pages.nist.gov/OSCAL/concepts/layer/control/catalog/" } }, { "name": "Profile", "description": "OSCAL Profile Methods and Endpoints.", "externalDocs": { "description": "OSCAL Profile Model", "url": "https://pages.nist.gov/OSCAL/concepts/layer/control/profile/" } }, { "name": "System Security Plan", "description": "OSCAL SSP Methods and Endpoints.", "externalDocs": { "description": "OSCAL SSP Model", "url": "https://pages.nist.gov/OSCAL/concepts/layer/implementation/ssp/" } }, { "name": "Component Definition", "description": "OSCAL cDef Methods and Endpoints.", "externalDocs": { "description": "OSCAL cDef Model", "url": "https://pages.nist.gov/OSCAL/concepts/layer/implementation/component-definition/" } }, { "name": "Plan of Action and Milestones", "description": "OSCAL POA&M Methods and Endpoints.", "externalDocs": { "description": "OSCAL POA&M Model", "url": "https://pages.nist.gov/OSCAL/concepts/layer/assessment/poam/" } }, { "name": "Assessment Plan", "description": "OSCAL Assessment Plan Methods and Endpoints.", "externalDocs": { "description": "OSCAL AP Model", "url": "https://pages.nist.gov/OSCAL/concepts/layer/assessment/assessment-plan/" } }, { "name": "Assessment Results", "description": "OSCAL Assessment Results Methods and Endpoints.", "externalDocs": { "description": "OSCAL AR Model", "url": "https://pages.nist.gov/OSCAL/concepts/layer/assessment/assessment-results/" } } ], "paths": { "/assessment-plan": { "get": { "tags": [ "Assessment Plan" ], "summary": "Returns a list of every relevant assessment plan.", "description": "Returns a list of every relevant assessment plan.", "operationId": "getAssessmentPlan", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentPlansEntries" } } } }, "401": { 
"description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan" ] } ] }, "post": { "tags": [ "Assessment Plan" ], "summary": "Adds a new assessment plan.", "description": "Adds a new assessment plan.\n\n **The client _must_** include the `Content-type` HTTP header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifier` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementation must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into the document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. 
\n", "operationId": "postAssessmentPlan", "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentPlanEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentPlan" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentPlanXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentPlan" } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] } }, "/assessment-plan/{content-uuid}": { "get": { "tags": [ "Assessment Plan" ], "summary": "Returns the assessment plan represented by the `content-uuid`.", "description": "Returns the assessment plan 
represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when returning the OSCAL content in YAML format.\n", "operationId": "getAssessmentPlanById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentPlan" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentPlanXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentPlan" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", 
"content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan" ] } ] }, "put": { "tags": [ "Assessment Plan" ], "summary": "Replaces the assessment plan represented by the `content-uuid`.", "description": "Replaces the assessment plan represented by the `content-uuid`.\n\n The client must include the `Content-type` HTTP header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", "operationId": "putAssessmentPlan", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentPlan" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentPlanXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentPlan" } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] }, "delete": { "tags": [ "Assessment Plan" ], "summary": "Deletes the assessment plan represented by the `content-uuid`.", "description": "Deletes the assessment plan represented by the `content-uuid`.", "operationId": "deleteAssessmentPlan", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { 
"oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] } }, "/assessment-plan/{content-uuid}/attachment": { "get": { "tags": [ "Assessment Plan" ], "summary": "Returns a list of every relevant attachment.", "description": "Returns a list of every relevant attachment.", "operationId": "getAssessmentPlanAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachments" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan" ] } ] }, "post": { "tags": [ "Assessment Plan" ], "summary": "Adds a new attachment and returns the UUID of the resource.", "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. 
The UUID of the resource is returned.", "operationId": "postAssessmentPlanAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachmentEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] } }, "/assessment-plan/{content-uuid}/attachment/{resource-uuid}": { "get": { "tags": [ "Assessment Plan" ], "summary": "Returns the attachment represented by the back-matter resource UUID.", "description": "Returns the attachment represented by the back-matter resource UUID.", "operationId": 
"getAssessmentPlanAttachmentByUuid", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "A binary file in any type", "content": { "multipart/form-data": { "schema": { "type": "object", "properties": { "file": { "type": "object", "properties": { "resource-uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "name": { "type": "string" }, "media-type": { "type": "string" }, "attachment-binary": { "type": "string", "format": "binary" } } } } } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan" ] } ] }, "put": { "tags": [ "Assessment Plan" ], "summary": "Replaces the attachment represented by the resource UUID.", "description": "Replaces the attachment represented by the resource UUID.", "operationId": "putAssessmentPlanAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": 
"#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] }, "delete": { "tags": [ "Assessment Plan" ], "summary": "Deletes the attachment and associated resource.", "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", "operationId": "deleteAssessmentPlanAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": 
"UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] } }, "/assessment-plan/{content-uuid}/attachment/{resource-uuid}/resource": { "get": { "tags": [ "Assessment Plan" ], "summary": "Retrieves the OSCAL back-matter / resource information.", "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "getAssessmentPlanAttachmentResourceBy", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { 
"description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan" ] } ] }, "put": { "tags": [ "Assessment Plan" ], "summary": "Updates the content of the back-matter resource.", "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "putAssessmentPlanAttachmentResource", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { 
"$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] } }, "/assessment-plan/{content-uuid}/snapshot": { "get": { "tags": [ "Assessment Plan" ], "summary": "Returns a list of every relevant snapshot.", "description": "Returns a list of every relevant snapshot.", "operationId": "getAssessmentPlanSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentPlansSnapshots" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan" ] } ] }, "post": { "tags": [ "Assessment Plan" ], "summary": "Creates a snapshot of the file in its current state.", "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "postAssessmentPlanSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentPlansSnapshots" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] } }, "/assessment-plan/{content-uuid}/snapshot/{snapshot-uuid}": { "get": { "tags": [ "Assessment Plan" ], "summary": "Returns the snapshot represented by the `snapshot-uuid`.", "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when returning the OSCAL content in YAML format.\n", "operationId": "getAssessmentPlanSnapshotById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentPlan" } }, "application/xml": { "schema": { 
"$ref": "#/components/schemas/OSCALAssessmentPlanXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentPlan" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan" ] } ] }, "put": { "tags": [ "Assessment Plan" ], "summary": "Modifies the snapshot description, types and labels.", "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "putAssessmentPlanSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] }, "delete": { "tags": [ "Assessment Plan" ], "summary": "Deletes the snapshot represented by the `snapshot-uuid`.", "description": "Deletes the snapshot represented by the `snapshot-uuid`.", "operationId": "deleteAssessmentPlanSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentPlan", "write:assessmentPlan" ] } ] } }, "/profile": { "get": { "tags": [ "Profile" ], "summary": "Returns a list of every relevant profile.", "description": "Returns a list of every relevant profile.", "operationId": 
"getProfile", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALProfilesEntries" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] }, "post": { "tags": [ "Profile" ], "summary": "Adds a new profile.", "description": "Adds a new profile.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifer` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementaiton must use this value as the `content-uuid`. 
\n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into the document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n", "operationId": "postProfile", "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALProfileEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALProfile" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALProfileXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALProfile" } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] } }, "/profile/{content-uuid}": { 
"get": { "tags": [ "Profile" ], "summary": "Returns the profile represented by the `content-uuid`.", "description": "Returns the profile represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", "operationId": "getProfileById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALProfile" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALProfileXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALProfile" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { 
"$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] }, "put": { "tags": [ "Profile" ], "summary": "Replaces the profile represented by the `content-uuid`.", "description": "Replaces the profile represented by the `content-uuid`.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", "operationId": "putProfile", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { 
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALProfile" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALProfileXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALProfile" } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] }, "delete": { "tags": [ "Profile" ], "summary": "Deletes the profile represented by the `content-uuid`.", "description": "Deletes the profile represented by the `content-uuid`.", "operationId": "deleteProfile", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile", 
"write:profile" ] } ] } }, "/profile/{content-uuid}/resolved-catalog": { "get": { "tags": [ "Profile" ], "summary": "Resolves the identified profile based on currently available sources and returns a resolved profile catalog.", "description": "Resolves the identified profile based on currently available sources and returns a resolved profile catalog.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", "operationId": "getProfileResolvedCatalogBy", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALCatalog" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALCatalogXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALCatalog" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not 
Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] } }, "/profile/{content-uuid}/attachment": { "get": { "tags": [ "Profile" ], "summary": "Returns a list of every relevant attachment.", "description": "Returns a list of every relevant attachment.", "operationId": "getProfileAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachments" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] }, "post": { "tags": [ "Profile" ], "summary": "Adds a new attachment and returns the UUID of the resource.", "description": "Adds a new attachment and creates a new back-matter resource in 
the OSCAL file. The UUID of the resource is returned.", "operationId": "postProfileAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachmentEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] } }, "/profile/{content-uuid}/attachment/{resource-uuid}": { "get": { "tags": [ "Profile" ], "summary": "Returns the attachment represented by the back-matter resource UUID.", "description": "Returns the attachment represented by the back-matter resource UUID.", "operationId": "getProfileAttachmentByUuid", "parameters": [ { 
"name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "A binary file in any type", "content": { "multipart/form-data": { "schema": { "type": "object", "properties": { "file": { "type": "object", "properties": { "resource-uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "name": { "type": "string" }, "media-type": { "type": "string" }, "attachment-binary": { "type": "string", "format": "binary" } } } } } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] }, "put": { "tags": [ "Profile" ], "summary": "Replaces the attachment represented by the resource UUID.", "description": "Replaces the attachment represented by the resource UUID.", "operationId": "putProfileAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of 
Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] }, "delete": { "tags": [ "Profile" ], "summary": "Deletes the attachment and associated resource.", "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", "operationId": "deleteProfileAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful 
operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] } }, "/profile/{content-uuid}/attachment/{resource-uuid}/resource": { "get": { "tags": [ "Profile" ], "summary": "Retrieves the OSCAL back-matter / resource information.", "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "getProfileAttachmentResourceBy", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { 
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] }, "put": { "tags": [ "Profile" ], "summary": "Updates the content of the back-matter resource.", "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "putProfileAttachmentResource", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { 
"description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] } }, "/profile/{content-uuid}/snapshot": { "get": { "tags": [ "Profile" ], "summary": "Returns a list of every relevant snapshot.", "description": "Returns a list of every relevant snapshot.", "operationId": "getProfileSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALProfilesSnapshots" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] }, "post": { "tags": [ "Profile" ], "summary": "Creates a snapshot of the file in its current state.", "description": "Creates a snapshot of the file in its 
current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "postProfileSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALProfilesSnapshots" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { 
"$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] } }, "/profile/{content-uuid}/snapshot/{snapshot-uuid}": { "get": { "tags": [ "Profile" ], "summary": "Returns the snapshot represented by the `snapshot-uuid`.", "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when returning the OSCAL content in YAML format.\n", "operationId": "getProfileSnapshotById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALProfile" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALProfileXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALProfile" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { 
"$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] }, "put": { "tags": [ "Profile" ], "summary": "Modifies the snapshot description, types and labels.", "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "putProfileSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { 
"description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] }, "delete": { "tags": [ "Profile" ], "summary": "Deletes the snapshot represented by the `snapshot-uuid`.", "description": "Deletes the snapshot represented by the `snapshot-uuid`.", "operationId": "deleteProfileSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { 
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] } }, "/profile/{content-uuid}/resolved-snapshot": { "get": { "tags": [ "Profile" ], "summary": "Returns a list of every relevant resolved profile catalog.", "description": "Returns a list of every relevant resolved profile catalog.", "operationId": "getProfileResolvedSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResolvedSnapshotsSnapshots" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] }, "post": { "tags": [ "Profile" ], "summary": "Resolves the profile and saves the result.", "description": "Processes the profile and creates a snapshot 
as a resolved profile catalog. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property and a `snapshot-type` set to `resolved-profile` in the OSCAL document's `metadata` as follows:\n\n - **Resolved Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Resolved Snapshot Type** Property [**1 or more**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"resolved-profile\"`\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ set a `snapshot-description` property, as well as `snapshot-label` and additional `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Resolved Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional resolved snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Resolved Snapshot Type** Property [**1 or more**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"resolved-profile\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "postProfileResolvedSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResolvedSnapshotsSnapshots" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] } }, "/profile/{content-uuid}/resolved-snapshot/{resolved-snapshot-uuid}": { "get": { "tags": [ "Profile" ], "summary": "Returns the resolved profile catalog represented by the `resolved-snapshot-uuid`.", "description": "Returns the resolved profile catalog represented by the `resolved-snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", "operationId": "getProfileResolvedSnapshotById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resolved-snapshot-uuid", "in": "path", "description": "UUID of the resolved snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALProfile" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALProfileXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALProfile" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile" ] } ] }, "put": { "tags": [ "Profile" ], "summary": "Modifies the snapshot description, types and label.", "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "putProfileResolvedSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resolved-snapshot-uuid", "in": "path", "description": "UUID of the resolved snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { 
"schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] }, "delete": { "tags": [ "Profile" ], "summary": "Deletes the resolved snapshot represented by the resolved snapshot ID.", "description": "Deletes the resolved snapshot represented by the resolved snapshot ID.", "operationId": "deleteProfileResolvedSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Profile", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resolved-snapshot-uuid", "in": "path", "description": "UUID of the resolved snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:profile", "write:profile" ] } ] } }, "/assessment-results": { "get": { "tags": [ "Assessment Results" ], "summary": "Returns a list of every relevant assessment results.", 
"description": "Returns a list of every relevant assessment results.", "operationId": "getAssessmentResults", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResultsListEntries" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults" ] } ] }, "post": { "tags": [ "Assessment Results" ], "summary": "Adds a new assessment results.", "description": "Adds a new assessment results.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifer` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). 
\n\n- If present, the implementation must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n", "operationId": "postAssessmentResults", "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResultsEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentResults" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentResultsXML" } }, "application/yaml" : { "schema" : { "$ref" : 
"#/components/schemas/OSCALAssessmentResults" } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults", "write:assessmentResults" ] } ] } }, "/assessment-results/{content-uuid}": { "get": { "tags": [ "Assessment Results" ], "summary": "Returns the assessment results represented by the `content-uuid`.", "description": "Returns the assessment results represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", "operationId": "getAssessmentResultsById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResults" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResultsXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResults" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults" ] } ] }, "put": { "tags": [ "Assessment Results" ], "summary": "Replaces the assessment results represented by the `content-uuid`.", "description": "Replaces the assessment results represented by the `content-uuid`.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", "operationId": "putAssessmentResults", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentResults" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentResultsXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALAssessmentResults" } } } }, "security": [ { "oscal_auth": [ 
"read:assessmentResults", "write:assessmentResults" ] } ] }, "delete": { "tags": [ "Assessment Results" ], "summary": "Deletes the assessment results represented by the `content-uuid`.", "description": "Deletes the assessment results represented by the `content-uuid`.", "operationId": "deleteAssessmentResults", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults", "write:assessmentResults" ] } ] } }, "/assessment-results/{content-uuid}/attachment": { "get": { "tags": [ "Assessment Results" ], "summary": "Returns a list of every relevant attachment.", "description": "Returns a list of every relevant attachment.", "operationId": "getAssessmentResultsAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachments" } } } }, "401": { "description": 
"Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults" ] } ] }, "post": { "tags": [ "Assessment Results" ], "summary": "Adds a new attachment and returns the UUID of the resource.", "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.", "operationId": "postAssessmentResultsAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachmentEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { 
"description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults", "write:assessmentResults" ] } ] } }, "/assessment-results/{content-uuid}/attachment/{resource-uuid}": { "get": { "tags": [ "Assessment Results" ], "summary": "Returns the attachment represented by the back-matter resource UUID.", "description": "Returns the attachment represented by the back-matter resource UUID.", "operationId": "getAssessmentResultsAttachmentByUuid", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "A binary file in any type", "content": { "multipart/form-data": { "schema": { "type": "object", "properties": { "file": { "type": "object", "properties": { "resource-uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "name": { "type": "string" }, "media-type": { "type": "string" }, "attachment-binary": { "type": "string", "format": "binary" } } } } } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": 
{ "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults" ] } ] }, "put": { "tags": [ "Assessment Results" ], "summary": "Replaces the attachment represented by the resource UUID.", "description": "Replaces the attachment represented by the resource UUID.", "operationId": "putAssessmentResultsAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { 
"schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults", "write:assessmentResults" ] } ] }, "delete": { "tags": [ "Assessment Results" ], "summary": "Deletes the attachment and associated resource.", "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", "operationId": "deleteAssessmentResultsAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults", "write:assessmentResults" ] } ] } }, 
"/assessment-results/{content-uuid}/attachment/{resource-uuid}/resource": { "get": { "tags": [ "Assessment Results" ], "summary": "Retrieves the OSCAL back-matter / resource information.", "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "getAssessmentResultsAttachmentResourceBy", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults" ] } ] }, "put": { "tags": [ "Assessment Results" ], "summary": "Updates the content of the back-matter resource.", "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": 
"putAssessmentResultsAttachmentResource", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults", "write:assessmentResults" ] } ] } }, "/assessment-results/{content-uuid}/snapshot": { "get": { "tags": [ "Assessment Results" ], "summary": "Returns a list of every relevant snapshot.", "description": "Returns a list of every relevant 
snapshot.", "operationId": "getAssessmentResultsSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResultsListSnapshots" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults" ] } ] }, "post": { "tags": [ "Assessment Results" ], "summary": "Creates a snapshot of the file in its current state.", "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "postAssessmentResultsSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResultsListSnapshots" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { 
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults", "write:assessmentResults" ] } ] } }, "/assessment-results/{content-uuid}/snapshot/{snapshot-uuid}": { "get": { "tags": [ "Assessment Results" ], "summary": "Returns the snapshot represented by the `snapshot-uuid`.", "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when returning the OSCAL content in YAML format.\n", "operationId": "getAssessmentResultsSnapshotById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResults" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResultsXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALAssessmentResults" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", 
"content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults" ] } ] }, "put": { "tags": [ "Assessment Results" ], "summary": "Modifies the snapshot description, types and labels.", "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "putAssessmentResultsSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { 
"schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults", "write:assessmentResults" ] } ] }, "delete": { "tags": [ "Assessment Results" ], "summary": "Deletes the snapshot represented by the `snapshot-uuid`.", "description": "Deletes the snapshot represented by the `snapshot-uuid`.", "operationId": "deleteAssessmentResultsSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of AssessmentResults", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { 
"schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:assessmentResults", "write:assessmentResults" ] } ] } }, "/catalog": { "get": { "tags": [ "Catalog" ], "summary": "Returns a list of every relevant catalog.", "description": "Returns a list of every relevant catalog.", "operationId": "getCatalog", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALCatalogsEntries" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog" ] } ] }, "post": { "tags": [ "Catalog" ], "summary": "Adds a new catalog.", "description": "Adds a new catalog.\n\n **The client _must_** include the `Content-type` HTTP header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - 
`application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifier` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementation must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into the document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n", "operationId": "postCatalog", "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALCatalogEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { 
"schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALCatalog" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALCatalogXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALCatalog" } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] } }, "/catalog/{content-uuid}": { "get": { "tags": [ "Catalog" ], "summary": "Returns the catalog represented by the catalog ID.", "description": "Returns the catalog represented by the catalog ID.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when returning the OSCAL content in YAML format.\n", "operationId": "getCatalogById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALCatalog" } }, "application/xml": { "schema": { "$ref": 
"#/components/schemas/OSCALCatalogXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALCatalog" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog" ] } ] }, "put": { "tags": [ "Catalog" ], "summary": "Replaces the catalog represented by the catalog ID.", "description": "Replaces the catalog represented by the catalog ID.\n\n The client must include the `Content-type` HTTP header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", "operationId": "putCatalog", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALCatalog" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALCatalogXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALCatalog" } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] }, "delete": { "tags": [ 
"Catalog" ], "summary": "Deletes the catalog represented by the catalog ID.", "description": "Deletes the catalog represented by the catalog ID.", "operationId": "deleteCatalog", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] } }, "/catalog/{content-uuid}/attachment": { "get": { "tags": [ "Catalog" ], "summary": "Returns a list of every relevant attachment.", "description": "Returns a list of every relevant attachment.", "operationId": "getCatalogAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachments" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { 
"$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog" ] } ] }, "post": { "tags": [ "Catalog" ], "summary": "Adds a new attachment and returns the UUID of the resource.", "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.", "operationId": "postCatalogAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachmentEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] } }, "/catalog/{content-uuid}/attachment/{resource-uuid}": { "get": { "tags": [ "Catalog" ], "summary": "Returns the attachment represented by the back-matter resource UUID.", "description": "Returns the attachment represented by the back-matter resource UUID.", "operationId": "getCatalogAttachmentByUuid", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "A binary file in any type", "content": { "multipart/form-data": { "schema": { "type": "object", "properties": { "file": { "type": "object", "properties": { "resource-uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "name": { "type": "string" }, "media-type": { "type": "string" }, "attachment-binary": { "type": "string", "format": "binary" } } } } } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": 
{ "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog" ] } ] }, "put": { "tags": [ "Catalog" ], "summary": "Replaces the attachment represented by the resource UUID.", "description": "Replaces the attachment represented by the resource UUID.", "operationId": "putCatalogAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { 
"$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] }, "delete": { "tags": [ "Catalog" ], "summary": "Deletes the attachment and associated resource.", "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", "operationId": "deleteCatalogAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] } }, "/catalog/{content-uuid}/attachment/{resource-uuid}/resource": { "get": { "tags": [ "Catalog" ], "summary": "Retrieves the OSCAL back-matter / resource information.", "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "getCatalogAttachmentResourceBy", "parameters": [ { "name": "content-uuid", "in": "path", 
"description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog" ] } ] }, "put": { "tags": [ "Catalog" ], "summary": "Updates the content of the back-matter resource.", "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "putCatalogAttachmentResource", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] } }, "/catalog/{content-uuid}/snapshot": { "get": { "tags": [ "Catalog" ], "summary": "Returns a list of every relevant snapshot.", "description": "Returns a list of every relevant snapshot.", "operationId": "getCatalogSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALCatalogsSnapshots" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": 
"Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog" ] } ] }, "post": { "tags": [ "Catalog" ], "summary": "Creates a snapshot of the file in its current state.", "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "postCatalogSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALCatalogsSnapshots" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] } }, "/catalog/{content-uuid}/snapshot/{snapshot-uuid}": { "get": { "tags": [ "Catalog" ], "summary": "Returns the snapshot represented by the `snapshot-uuid`.", "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", "operationId": "getCatalogSnapshotById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALCatalog" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALCatalogXML" } }, 
"application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALCatalog" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog" ] } ] }, "put": { "tags": [ "Catalog" ], "summary": "Modifies the snapshot description, types and labels.", "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "putCatalogSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] }, "delete": { "tags": [ "Catalog" ], "summary": "Deletes the snapshot represented by the `snapshot-uuid`.", "description": "Deletes the snapshot represented by the `snapshot-uuid`.", "operationId": "deleteCatalogSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of Catalog", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:catalog", "write:catalog" ] } ] } }, "/system-security-plan": { "get": { "tags": [ "System Security Plan" ], "summary": "Returns a list of every relevant system security plan.", "description": "Returns a list of every relevant system security plan.", "operationId": 
"getSystemSecurityPlan", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlansEntries" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:systemSecurityPlan" ] } ] }, "post": { "tags": [ "System Security Plan" ], "summary": "Adds a new system security plan.", "description": "Adds a new system security plan.\n\n **The client _must_** include the `Content-type` HTTP header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifier` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementation must use this value as the `content-uuid`. 
\n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into the document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n", "operationId": "postSystemSecurityPlan", "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlanEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALSystemSecurityPlan" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALSystemSecurityPlanXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALSystemSecurityPlan" } } } }, "security": [ { "oscal_auth": [ 
"read:systemSecurityPlan", "write:systemSecurityPlan" ] } ] } }, "/system-security-plan/{content-uuid}": { "get": { "tags": [ "System Security Plan" ], "summary": "Returns the system security plan represented by the `content-uuid`.", "description": "Returns the system security plan represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when returning the OSCAL content in YAML format.\n", "operationId": "getSystemSecurityPlanById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlan" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlanXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlan" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": 
"Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:systemSecurityPlan" ] } ] }, "put": { "tags": [ "System Security Plan" ], "summary": "Replaces the system security plan represented by the `content-uuid`.", "description": "Replaces the system security plan represented by the `content-uuid`.\n\n The client must include the `Content-type` HTTP header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", "operationId": "putSystemSecurityPlan", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALSystemSecurityPlan" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALSystemSecurityPlanXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALSystemSecurityPlan" } } } }, "security": [ { "oscal_auth": [ 
"read:systemSecurityPlan", "write:systemSecurityPlan" ] } ] }, "delete": { "tags": [ "System Security Plan" ], "summary": "Deletes the system security plan represented by the `content-uuid`.", "description": "Deletes the system security plan represented by the `content-uuid`.", "operationId": "deleteSystemSecurityPlan", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:systemSecurityPlan", "write:systemSecurityPlan" ] } ] } }, "/system-security-plan/{content-uuid}/attachment": { "get": { "tags": [ "System Security Plan" ], "summary": "Returns a list of every relevant attachment.", "description": "Returns a list of every relevant attachment.", "operationId": "getSystemSecurityPlanAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachments" } } } }, "401": { 
"description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:attachment" ] } ] }, "post": { "tags": [ "System Security Plan" ], "summary": "Adds a new attachment and returns the UUID of the resource.", "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.", "operationId": "postSystemSecurityPlanAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachmentEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } 
}, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:attachment", "write:attachment" ] } ] } }, "/system-security-plan/{content-uuid}/attachment/{resource-uuid}": { "get": { "tags": [ "System Security Plan" ], "summary": "Returns the attachment represented by the back-matter resource UUID.", "description": "Returns the attachment represented by the back-matter resource UUID.", "operationId": "getSystemSecurityPlanAttachmentByUuid", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "A binary file in any type", "content": { "multipart/form-data": { "schema": { "type": "object", "properties": { "file": { "type": "object", "properties": { "resource-uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "name": { "type": "string" }, "media-type": { "type": "string" }, "attachment-binary": { "type": "string", "format": "binary" } } } } } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", 
"content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:attachment" ] } ] }, "put": { "tags": [ "System Security Plan" ], "summary": "Replaces the attachment represented by the resource UUID.", "description": "Replaces the attachment represented by the resource UUID.", "operationId": "putSystemSecurityPlanAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { 
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:attachment", "write:attachment" ] } ] }, "delete": { "tags": [ "System Security Plan" ], "summary": "Deletes the attachment and associated resource.", "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", "operationId": "deleteSystemSecurityPlanAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:attachment", "write:attachment" ] } ] } }, 
"/system-security-plan/{content-uuid}/attachment/{resource-uuid}/resource": { "get": { "tags": [ "System Security Plan" ], "summary": "Retrieves the OSCAL back-matter / resource information.", "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "getSystemSecurityPlanAttachmentResourceBy", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:attachment" ] } ] }, "put": { "tags": [ "System Security Plan" ], "summary": "Updates the content of the back-matter resource.", "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": 
"putSystemSecurityPlanAttachmentResource", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "security": [ { "oscal_auth": [ "read:attachment", "write:attachment" ] } ] } }, "/system-security-plan/{content-uuid}/snapshot": { "get": { "tags": [ "System Security Plan" ], "summary": "Returns a list of every relevant snapshot.", "description": "Returns a list of every relevant 
snapshot.", "operationId": "getSystemSecurityPlanSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlansSnapshots" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:snapshot" ] } ] }, "post": { "tags": [ "System Security Plan" ], "summary": "Creates a snapshot of the file in its current state.", "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. 
The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "postSystemSecurityPlanSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlansSnapshots" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { 
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:snapshot", "write:snapshot" ] } ] } }, "/system-security-plan/{content-uuid}/snapshot/{snapshot-uuid}": { "get": { "tags": [ "System Security Plan" ], "summary": "Returns the snapshot represented by the `snapshot-uuid`.", "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. 
When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when returning the OSCAL content in YAML format.\n", "operationId": "getSystemSecurityPlanSnapshotById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlan" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlanXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALSystemSecurityPlan" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable 
Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:snapshot" ] } ] }, "put": { "tags": [ "System Security Plan" ], "summary": "Modifies the snapshot description, types and labels.", "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "putSystemSecurityPlanSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { 
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:snapshot", "write:snapshot" ] } ] }, "delete": { "tags": [ "System Security Plan" ], "summary": "Deletes the snapshot represented by the `snapshot-uuid`.", "description": "Deletes the snapshot represented by the `snapshot-uuid`.", "operationId": "deleteSystemSecurityPlanSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of SystemSecurityPlan", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { 
"schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:snapshot", "write:snapshot" ] } ] } }, "/plan-of-action-and-milestones": { "get": { "tags": [ "Plan of Action and Milestones" ], "summary": "Returns a list of every relevant plan of action and milestones.", "description": "Returns a list of every relevant plan of action and milestones.", "operationId": "getPlanOfActionAndMilestones", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesListEntries" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones" ] } ] }, "post": { "tags": [ "Plan of Action and Milestones" ], "summary": "Adds a new plan of action and milestones.", "description": "Adds a new plan of 
action and milestones.\n\n **The client _must_** include the `Content-type` HTTP header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifier` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementation must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into the document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. 
\n", "operationId": "postPlanOfActionAndMilestones", "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestones" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestonesXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestones" } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] } }, "/plan-of-action-and-milestones/{content-uuid}": { "get": { "tags": [ "Plan of Action and Milestones" ], "summary": 
"Returns the plan of action and milestones represented by the `content-uuid`.", "description": "Returns the plan of action and milestones represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", "operationId": "getPlanOfActionAndMilestonesById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestones" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestones" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } 
} }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones" ] } ] }, "put": { "tags": [ "Plan of Action and Milestones" ], "summary": "Replaces the plan of action and milestones represented by the `content-uuid`.", "description": "Replaces the plan of action and milestones represented by the `content-uuid`.\n\n The client must include the `Content-type` HTTP header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", "operationId": "putPlanOfActionAndMilestones", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } 
} } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestones" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestonesXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALPlanOfActionAndMilestones" } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] }, "delete": { "tags": [ "Plan of Action and Milestones" ], "summary": "Deletes the plan of action and milestones represented by the `content-uuid`.", "description": "Deletes the plan of action and milestones represented by the `content-uuid`.", "operationId": "deletePlanOfActionAndMilestones", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] } }, "/plan-of-action-and-milestones/{content-uuid}/attachment": { "get": { "tags": [ "Plan of Action and Milestones" ], "summary": "Returns a list of every relevant attachment.", "description": "Returns a list of every relevant attachment.", "operationId": "getPlanOfActionAndMilestonesAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachments" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones" ] } ] }, "post": { "tags": [ "Plan of Action and Milestones" ], "summary": "Adds a new attachment and returns the UUID of 
the resource.", "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. The UUID of the resource is returned.", "operationId": "postPlanOfActionAndMilestonesAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachmentEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] } }, "/plan-of-action-and-milestones/{content-uuid}/attachment/{resource-uuid}": { "get": { "tags": [ "Plan of Action and Milestones" ], "summary": "Returns the 
attachment represented by the back-matter resource UUID.", "description": "Returns the attachment represented by the back-matter resource UUID.", "operationId": "getPlanOfActionAndMilestonesAttachmentByUuid", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "A binary file in any type", "content": { "multipart/form-data": { "schema": { "type": "object", "properties": { "file": { "type": "object", "properties": { "resource-uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "name": { "type": "string" }, "media-type": { "type": "string" }, "attachment-binary": { "type": "string", "format": "binary" } } } } } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones" ] } ] }, "put": { "tags": [ "Plan of Action and Milestones" ], "summary": "Replaces the attachment represented by the resource UUID.", "description": "Replaces the attachment represented by the 
resource UUID.", "operationId": "putPlanOfActionAndMilestonesAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] }, "delete": { "tags": [ "Plan of Action and Milestones" ], "summary": "Deletes the attachment and associated resource.", "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", "operationId": 
"deletePlanOfActionAndMilestonesAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] } }, "/plan-of-action-and-milestones/{content-uuid}/attachment/{resource-uuid}/resource": { "get": { "tags": [ "Plan of Action and Milestones" ], "summary": "Retrieves the OSCAL back-matter / resource information.", "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "getPlanOfActionAndMilestonesAttachmentResourceBy", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": 
true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones" ] } ] }, "put": { "tags": [ "Plan of Action and Milestones" ], "summary": "Updates the content of the back-matter resource.", "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "putPlanOfActionAndMilestonesAttachmentResource", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] } }, "/plan-of-action-and-milestones/{content-uuid}/snapshot": { "get": { "tags": [ "Plan of Action and Milestones" ], "summary": "Returns a list of every relevant snapshot.", "description": "Returns a list of every relevant snapshot.", "operationId": "getPlanOfActionAndMilestonesSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesListSnapshots" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": 
"Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones" ] } ] }, "post": { "tags": [ "Plan of Action and Milestones" ], "summary": "Creates a snapshot of the file in its current state.", "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "postPlanOfActionAndMilestonesSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesListSnapshots" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { 
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] } }, "/plan-of-action-and-milestones/{content-uuid}/snapshot/{snapshot-uuid}": { "get": { "tags": [ "Plan of Action and Milestones" ], "summary": "Returns the snapshot represented by the `snapshot-uuid`.", "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", "operationId": "getPlanOfActionAndMilestonesSnapshotById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { 
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestones" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestonesXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALPlanOfActionAndMilestones" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones" ] } ] }, "put": { "tags": [ "Plan of Action and Milestones" ], "summary": "Modifies the snapshot description, types and labels.", "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "putPlanOfActionAndMilestonesSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": 
{ "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] }, "delete": { "tags": [ "Plan of Action and Milestones" ], "summary": "Deletes the snapshot represented by the `snapshot-uuid`.", "description": "Deletes the snapshot represented by the `snapshot-uuid`.", "operationId": "deletePlanOfActionAndMilestonesSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of PlanOfActionAndMilestones", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflit", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:planOfActionAndMilestones", "write:planOfActionAndMilestones" ] } ] } }, "/component-definition": { "get": { "tags": [ "Component Definition" ], 
"summary": "Returns a list of every relevant component definition.", "description": "Returns a list of every relevant component definition.", "operationId": "getComponentDefinition", "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALComponentDefinitionsEntries" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition" ] } ] }, "post": { "tags": [ "Component Definition" ], "summary": "Adds a new component definition.", "description": "Adds a new component definition.\n\n **The client _must_** include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format. \n\n **The implementation _must_** accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n\n **The implementation _must_** check for the presence of an `identifier` with a `scheme` value of `http://oscal.io/oscal/identifier/content-uuid` in the document ID array (`//metaschema/document-ids`). \n\n- If present, the implementation must use this value as the `content-uuid`. \n- If not present, the implementation must generate a v4 or v5 UUID for use as the `content-uuid` and insert it into the document ID array using `http://oscal.io/oscal/identifier/content-uuid` as the `scheme` value. \n", "operationId": "postComponentDefinition", "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALComponentDefinitionEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALComponentDefinition" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALComponentDefinitionXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALComponentDefinition" } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition", "write:componentDefinition" ] } ] } }, "/component-definition/{content-uuid}": { "get": { "tags": [ "Component Definition" ], "summary": "Returns the component definition represented by the `content-uuid`.", "description": "Returns the component definition represented by the `content-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when return the OSCAL content in YAML format.\n", "operationId": "getComponentDefinitionById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALComponentDefinition" } }, "application/xml": { "schema": { "$ref": 
"#/components/schemas/OSCALComponentDefinitionXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALComponentDefinition" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition" ] } ] }, "put": { "tags": [ "Component Definition" ], "summary": "Replaces the component definition represented by the `content-uuid`.", "description": "Replaces the component definition represented by the `content-uuid`.\n\n The client must include the `Content-type` HTML header and set it to one of the following:\n - `application/json` when sending an OSCAL file in JSON format;\n - `application/xml` when sending an OSCAL file in XML format; or\n - `application/yaml` when sending an OSCAL file in YAML format.\n\n The implementation _must_ accept all three OSCAL formats. 
OSCAL content sent to the server in any one of the three formats _must_ be made available in all three formats for the relevant GET method/endpoint combinations.\n", "operationId": "putComponentDefinition", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "required" : true, "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OSCALComponentDefinition" } }, "application/xml" : { "schema" : { "$ref" : "#/components/schemas/OSCALComponentDefinitionXML" } }, "application/yaml" : { "schema" : { "$ref" : "#/components/schemas/OSCALComponentDefinition" } } } }, "security": [ { "oscal_auth": [
"read:componentDefinition", "write:componentDefinition" ] } ] }, "delete": { "tags": [ "Component Definition" ], "summary": "Deletes the component definition represented by the `content-uuid`.", "description": "Deletes the component definition represented by the `content-uuid`.", "operationId": "deleteComponentDefinition", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition", "write:componentDefinition" ] } ] } }, "/component-definition/{content-uuid}/attachment": { "get": { "tags": [ "Component Definition" ], "summary": "Returns a list of every relevant attachment.", "description": "Returns a list of every relevant attachment.", "operationId": "getComponentDefinitionAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachments" } } } },
"401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition" ] } ] }, "post": { "tags": [ "Component Definition" ], "summary": "Adds a new attachment and returns the UUID of the resource.", "description": "Adds a new attachment and creates a new back-matter resource in the OSCAL file. 
The UUID of the resource is returned.", "operationId": "postComponentDefinitionAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALAttachmentEntry" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition", "write:componentDefinition" ] } ] } }, "/component-definition/{content-uuid}/attachment/{resource-uuid}": { "get": { "tags": [ "Component Definition" ], "summary": "Returns the attachment represented by the back-matter resource UUID.", "description": "Returns the attachment represented by the back-matter resource UUID.",
"operationId": "getComponentDefinitionAttachmentByUuid", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "A binary file in any type", "content": { "multipart/form-data": { "schema": { "type": "object", "properties": { "file": { "type": "object", "properties": { "resource-uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "name": { "type": "string" }, "media-type": { "type": "string" }, "attachment-binary": { "type": "string", "format": "binary" } } } } } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition" ] } ] }, "put": { "tags": [ "Component Definition" ], "summary": "Replaces the attachment represented by the resource UUID.", "description": "Replaces the attachment represented by the resource UUID.", "operationId": "putComponentDefinitionAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", 
"required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition", "write:componentDefinition" ] } ] }, "delete": { "tags": [ "Component Definition" ], "summary": "Deletes the attachment and associated resource.", "description": "Deletes the attachment and the associated back-matter resource represented by the resource UUID.", "operationId": "deleteComponentDefinitionAttachment", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" }
}, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition", "write:componentDefinition" ] } ] } }, "/component-definition/{content-uuid}/attachment/{resource-uuid}/resource": { "get": { "tags": [ "Component Definition" ], "summary": "Retrieves the OSCAL back-matter / resource information.", "description": "Retrieves the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "getComponentDefinitionAttachmentResourceBy", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "401": { "description": "Unauthorized", "content": {
"application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition" ] } ] }, "put": { "tags": [ "Component Definition" ], "summary": "Updates the content of the back-matter resource.", "description": "Updates the content of the back-matter resource represented by the resource UUID, consistent with the NIST OSCAL syntax for back-matter resource assemblies.", "operationId": "putComponentDefinitionAttachmentResource", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "resource-uuid", "in": "path", "description": "UUID of Back Matter Resource", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": 
"#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALResource" } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition", "write:componentDefinition" ] } ] } }, "/component-definition/{content-uuid}/snapshot": { "get": { "tags": [ "Component Definition" ], "summary": "Returns a list of every relevant snapshot.", "description": "Returns a list of every relevant snapshot.", "operationId": "getComponentDefinitionSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALComponentDefinitionsSnapshots" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref":
"#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition" ] } ] }, "post": { "tags": [ "Component Definition" ], "summary": "Creates a snapshot of the file in its current state.", "description": "Creates a snapshot of the file in its current state. The implementation _must_ assign and track a unique identifier for the snapshot, by which the snapshot may be referenced later. The implementation _must_ add the `snapshot-created` property to the OSCAL document's `metadata` as follows:\n\n - **Snapshot Created** Property [**Exactly 1 (REQUIRED)**]:\n - `\"name\" : \"snapshot-created\"`\n - `\"value\" : \"2024-03-24T16:10:42.251Z\"` (date-time-with-timezone)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n The implementation _may_ add a `snapshot-description` property, as well as `snapshot-label` and `snapshot-type` properties to the OSCAL document's `metadata` as follows when included in the payload from the client:\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (`value` is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "postComponentDefinitionSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } } ], "responses": { "201": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALComponentDefinitionsSnapshots" } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema": {
"$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition", "write:componentDefinition" ] } ] } }, "/component-definition/{content-uuid}/snapshot/{snapshot-uuid}": { "get": { "tags": [ "Component Definition" ], "summary": "Returns the snapshot represented by the `snapshot-uuid`.", "description": "Returns the snapshot represented by the `snapshot-uuid`.\n\n When processing this request, the implementation _must_ honor the `Accept` HTTP header for JSON, XML, and YAML. When `Accept` is set to:\n- `application/json` or `application/oscal+json` return the OSCAL content in JSON format;\n- `application/xml` (preferred by RFC 7303) or `text/xml` (deprecated by RFC 7303) or `application/oscal+xml` return the OSCAL content in XML format; or\n- `application/yaml` or `text/yaml` return the OSCAL content in YAML format.\n\n When returning the OSCAL content, the implementation _must_ set the `Content-type` header to:\n - `application/json` when returning the OSCAL content in JSON format;\n - `application/xml` when returning the OSCAL content in XML format; or\n - `application/yaml` when returning the OSCAL content in YAML format.\n", "operationId": "getComponentDefinitionSnapshotById", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "content": { "application/json": { "schema": { "$ref":
"#/components/schemas/OSCALComponentDefinition" } }, "application/xml": { "schema": { "$ref": "#/components/schemas/OSCALComponentDefinitionXML" } }, "application/yaml": { "schema": { "$ref": "#/components/schemas/OSCALComponentDefinition" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition" ] } ] }, "put": { "tags": [ "Component Definition" ], "summary": "Modifies the snapshot description, types and labels.", "description": "Modifies the snapshot description, as well as the snapshot type and label tags. The implementation _must_ ensure the `snapshot-created` property is immutable. The following properties may be added, changed, or removed by this method.\n\n - **Snapshot Description** Property [**0 or 1 (OPTIONAL)**]:\n - `\"name\" : \"snapshot-description\"`\n - `\"value\" : \"na\"` (Value is required by OSCAL, but not needed for this property. 
It can include any string.)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n - `\"remarks\" : \"An optional snapshot description.\"` (markup-multiline)\n\n - **Snapshot Label** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-label\"`\n - `\"value\" : \"v1.2.3\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n - **Snapshot Type** Property [**0 or more (OPTIONAL)**]:\n - `\"name\" : \"snapshot-type\"`\n - `\"value\" : \"published\"` (token)\n - `\"ns\" : \"http://oscal.io/ns/oscal/1.0.0\"`\n\n All of the above properties are OSCAL extensions and must include the namespace (`ns`) information.\n", "operationId": "putComponentDefinitionSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "415": { "description": "Unsupported Media Type", "content": { "application/json": { "schema":
{ "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "422": { "description": "Unprocessable Content", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALSnapshotAttributes" } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition", "write:componentDefinition" ] } ] }, "delete": { "tags": [ "Component Definition" ], "summary": "Deletes the snapshot represented by the `snapshot-uuid`.", "description": "Deletes the snapshot represented by the `snapshot-uuid`.", "operationId": "deleteComponentDefinitionSnapshot", "parameters": [ { "name": "content-uuid", "in": "path", "description": "ID of ComponentDefinition", "required": true, "schema": { "$ref": "#/components/schemas/content-uuid" } }, { "name": "snapshot-uuid", "in": "path", "description": "ID of Snapshot", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Successful operation" }, "401": { "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "403": { "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "409": { "description": "Conflict", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } }, "410": { "description": "Gone", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OSCALErrorMessage" } } } } }, "security": [ { "oscal_auth": [ "read:componentDefinition", "write:componentDefinition" ] } ] } } }, "components": { "schemas": { "OSCALCatalog": { "type": "object", "properties": { "catalog": { "$ref":
"https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog" } } }, "OSCALCatalogXML": { "type": "object", "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog" }, "OSCALProfile": { "type": "object", "properties": { "profile": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_profile_schema.json#/definitions/assembly_oscal-profile_profile" } } }, "OSCALProfileXML": { "type": "object", "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_profile_schema.json#/definitions/assembly_oscal-profile_profile" }, "OSCALComponentDefinition": { "type": "object", "properties": { "component-definition": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_component_schema.json#/definitions/assembly_oscal-component-definition_component-definition" } } }, "OSCALComponentDefinitionXML": { "type": "object", "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_component_schema.json#/definitions/assembly_oscal-component-definition_component-definition" }, "OSCALSystemSecurityPlan": { "type": "object", "properties": { "system-security-plan": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_ssp_schema.json#/definitions/assembly_oscal-ssp_system-security-plan" } } }, "OSCALSystemSecurityPlanXML": { "type": "object", "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_ssp_schema.json#/definitions/assembly_oscal-ssp_system-security-plan" }, "OSCALPlanOfActionAndMilestones": { "type": "object", "properties": { "plan-of-action-and-milestones": { "$ref": 
"https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_poam_schema.json#/definitions/assembly_oscal-poam_plan-of-action-and-milestones" } } }, "OSCALPlanOfActionAndMilestonesXML": { "type": "object", "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_poam_schema.json#/definitions/assembly_oscal-poam_plan-of-action-and-milestones" }, "OSCALAssessmentPlan": { "type": "object", "properties": { "assessment-plan": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-plan_schema.json#/definitions/assembly_oscal-ap_assessment-plan" } } }, "OSCALAssessmentPlanXML": { "type": "object", "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-plan_schema.json#/definitions/assembly_oscal-ap_assessment-plan" }, "OSCALErrorMessage": { "type": "object", "properties": { "message": { "type": "string" }, "code": { "type": "string" } } }, "OSCALAssessmentResults": { "type": "object", "properties": { "assessment-results": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-results_schema.json#/definitions/assembly_oscal-ar_assessment-results" } } }, "OSCALAssessmentResultsXML": { "type": "object", "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_assessment-results_schema.json#/definitions/assembly_oscal-ar_assessment-results" }, "OSCALAttachmentEntry": { "$ref": "#/components/schemas/OSCALResource" }, "OSCALAttachmentEntryXML": { "$ref": "#/components/schemas/OSCALResourceXML" }, "OSCALAttachments": { "type": "object", "properties": { "attachment-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALAttachmentNoBase64" } } } }, "OSCALProfileEntry": { "type": "object", "properties": { "profile-list": { "type": "array", "items": { "$ref": 
"#/components/schemas/OSCALModelEntry" } } } }, "OSCALCatalogEntry": { "type": "object", "properties": { "catalog-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALSystemSecurityPlanEntry": { "type": "object", "properties": { "system-security-plan-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALComponentDefinitionEntry": { "type": "object", "properties": { "component-definition-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALAssessmentPlanEntry": { "type": "object", "properties": { "assessment-plan-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALAssessmentResultsEntry": { "type": "object", "properties": { "assessment-results-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALPlanOfActionAndMilestonesEntry": { "type": "object", "properties": { "plan-of-action-and-milestones-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALProfilesEntries": { "type": "object", "properties": { "profile-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALComponentDefinitionsEntries": { "type": "object", "properties": { "component-definition-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALPlanOfActionAndMilestonesListEntries": { "type": "object", "properties": { "plan-of-action-and-milestones-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALAssessmentResultsListEntries": { "type": "object", "properties": { "assessment-results-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALAssessmentPlansEntries": { "type": "object", "properties": { "assessment-plan-list": { "type": "array", "items": { "$ref": 
"#/components/schemas/OSCALModelEntry" } } } }, "OSCALSystemSecurityPlansEntries": { "type": "object", "properties": { "system-security-plan-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALCatalogsEntries": { "type": "object", "properties": { "catalog-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelEntry" } } } }, "OSCALResolvedSnapshotsSnapshots": { "type": "object", "properties": { "resolved-snapshot-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelSnapshotEntry" } } } }, "OSCALCatalogsSnapshots": { "type": "object", "properties": { "catalog-snapshot-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelSnapshotEntry" } } } }, "OSCALProfilesSnapshots": { "type": "object", "properties": { "profile-snapshot-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelSnapshotEntry" } } } }, "OSCALSystemSecurityPlansSnapshots": { "type": "object", "properties": { "system-security-plan-snapshot-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelSnapshotEntry" } } } }, "OSCALAttachmentNoBase64": { "type": "object", "properties": { "resource-uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "file-name": { "type": "string" }, "media-type": { "type": "string" }, "title": { "type": "string" }, "published": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" }, "remarks": { "type": "string" } } }, "OSCALResource": { "type": "object", "properties": { "resource": { "properties": { "uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "title": { "type": "string" }, "description": { "type": "string" }, "document-ids": { "type": "array", 
"items": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" } }, "citation": { "$ref": "#/components/schemas/OSCALCitation" }, "rlinks": { "$ref": "#/components/schemas/OSCALRLinks" }, "base64": { "$ref": "#/components/schemas/OSCALBase64" }, "remarks": { "$ref": "#/components/schemas/OSCALRemarks" } } } } }, "OSCALResourceXML": { "type": "object", "properties": { "uuid": { "type": "string", "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" }, "title": { "type": "string" }, "description": { "type": "string" }, "document-ids": { "type": "array", "items": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" } }, "citation": { "$ref": "#/components/schemas/OSCALCitation" }, "rlinks": { "$ref": "#/components/schemas/OSCALRLinks" }, "base64": { "$ref": "#/components/schemas/OSCALBase64" }, "remarks": { "$ref": "#/components/schemas/OSCALRemarks" } }, "xml": { "name": "resource" } }, "OSCALCitation": { "type": "object", "properties": { "text": { "type": "string" }, "props": { "$ref": "#/components/schemas/OSCALProps" }, "links": { "$ref": "#/components/schemas/OSCALLinks" } } }, "OSCALLink": { "type": "object", "properties": { "link": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-metadata_link" } } }, "OSCALLinks": { "type": "object", "properties": { "links": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALLink" } } } }, "OSCALProp": { "type": "object", "properties": { "prop": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-metadata_property" } } }, 
"OSCALProps": { "type": "object", "properties": { "props": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALProp" } } } }, "OSCALRLinks": { "type": "object", "properties": { "rlinks": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALRLink" } } } }, "OSCALRLink": { "type": "object", "properties": { "href": { "type": "string", "format": "uri-reference" }, "media-type": { "type": "string", "pattern": "^\\S(.*\\S)?$" }, "hashes": { "$ref": "#/components/schemas/OSCALHashes" } } }, "OSCALHash": { "type": "object", "properties": { "hash": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_hash" } } }, "OSCALHashes": { "type": "object", "properties": { "hashes": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALHash" } } } }, "OSCALBase64": { "type": "object", "properties": { "filename": { "type": "string", "format": "uri-reference" }, "media-type": { "type": "string", "pattern": "^\\S(.*\\S)?$" }, "value": { "type": "string" } } }, "OSCALRemarks": { "type": "object", "properties": { "remarks": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks" } } }, "OSCALAttachment": { "$ref": "#/components/schemas/OSCALResource" }, "OSCALModelSnapshotEntry": { "type": "object", "properties": { "content-uuid": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog/properties/uuid" }, "title": { "type": "string" }, "published": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" }, "last-modified": { "$ref": 
"https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_last-modified" }, "version": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_version" }, "oscal-version": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_oscal-version" }, "document-ids": { "type": "array", "items": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" } }, "markings": { "type": "array", "items": { "type": "string" } }, "status": { "type": "string" }, "remarks": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks" } } }, "OSCALSnapshotAttributes": { "type": "object", "properties": { "snapshot": { "type": "object", "properties": { "created": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" }, "description": { "type": "string" }, "labels": { "type": "array", "items": { "$ref": "#/components/schemas/Token" } }, "types": { "type": "array", "items": { "$ref": "#/components/schemas/Token" } } } } } }, "OSCALModelEntry": { "type": "object", "properties": { "content-uuid": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog/properties/uuid" }, "title": { "type": "string" }, "published": { "$ref": 
"https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_published" }, "last-modified": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_last-modified" }, "version": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_version" }, "oscal-version": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_oscal-version" }, "document-ids": { "type": "array", "items": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_document-id" } }, "markings": { "type": "array", "items": { "type": "string" } }, "remarks": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/field_oscal-metadata_remarks" } } }, "OSCALAssessmentPlansSnapshots": { "type": "object", "properties": { "assessment-plan-snapshot-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelSnapshotEntry" } } } }, "OSCALComponentDefinitionsSnapshots": { "type": "object", "properties": { "component-definition-snapshot-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelSnapshotEntry" } } } }, "OSCALAssessmentResultsListSnapshots": { "type": "object", "properties": { "assessment-results-snapshot-list": { "type": "array", "items": { "$ref": "#/components/schemas/OSCALModelSnapshotEntry" } } } }, "OSCALPlanOfActionAndMilestonesListSnapshots": { "type": "object", "properties": { "plan-of-action-and-milestones-list": { "type": "array", "items": { "$ref": 
"#/components/schemas/OSCALModelSnapshotEntry" } } } }, "Token": { "type": "string", "minLength": 1, "maxLength": 72, "pattern": "^(\\p{Ll}|_)(\\p{L}|\\p{N}|[.\\-_])*$" }, "content-uuid": { "$ref": "https://raw.githubusercontent.com/EasyDynamics/OSCAL/json-schema-ref-by-path/json/schema/oscal_catalog_schema.json#/definitions/assembly_oscal-catalog_catalog/properties/uuid" } }, "securitySchemes": { "oscal_auth": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://localhost/oauth/dialog", "scopes": { "write:catalog": "modify catalogs in your account", "read:catalog": "read your catalogs", "write:profile": "modify profiles in your account", "read:profile": "read your profiles", "write:componentDefinition": "modify component definitions in your account", "read:componentDefinition": "read your component definitions", "write:systemSecurityPlan": "modify system security plans in your account", "read:systemSecurityPlan": "read your system security plans", "write:party": "modify parties in your account", "read:party": "read your parties", "write:poam": "modify POA&Ms in your account", "read:poam": "read your POA&Ms", "write:assessmentPlan": "modify assessment plans in your account", "read:assessmentPlan": "read your assessment plans", "write:assessmentResults": "modify assessment results in your account", "read:assessmentResults": "read your assessment results", "write:implementedRequirement": "modify implemented requirements in your account", "read:implementedRequirement": "read your implemented requirements", "write:metadata": "modify metadata in your account", "read:metadata": "read your metadata", "write:backmatter": "modify back-matter in your account", "read:backmatter": "read your back-matter", "write:systemCharacteristics": "modify system characteristics in your account", "read:systemCharacteristics": "read your system characteristics", "write:systemImplementation": "modify system implementation in your account", "read:systemImplementation": 
"read your system implementation", "write:controlImplementation": "modify control implementation in your account", "read:controlImplementation": "read your control implementation", "write:importProfile": "modify import-profiles in your account", "read:importProfile": "read your import-profiles" } } } } } } }