trestle.oscal.assessment_results

`trestle.oscal.assessment_results` ¤

Attributes¤

Classes¤

`AssessmentLog` ¤

Bases: OscalBaseModel


              flowchart TD
              trestle.oscal.assessment_results.AssessmentLog[AssessmentLog]
              trestle.core.base_model.OscalBaseModel[OscalBaseModel]
              trestle.core.trestle_base_model.TrestleBaseModel[TrestleBaseModel]

                              trestle.core.base_model.OscalBaseModel --> trestle.oscal.assessment_results.AssessmentLog
                                trestle.core.trestle_base_model.TrestleBaseModel --> trestle.core.base_model.OscalBaseModel
                



              click trestle.oscal.assessment_results.AssessmentLog href "" "trestle.oscal.assessment_results.AssessmentLog"
              click trestle.core.base_model.OscalBaseModel href "" "trestle.core.base_model.OscalBaseModel"
              click trestle.core.trestle_base_model.TrestleBaseModel href "" "trestle.core.trestle_base_model.TrestleBaseModel"

A log of all assessment-related actions taken.

Source code in trestle/oscal/assessment_results.py

class AssessmentLog(OscalBaseModel):
    """
    A log of all assessment-related actions taken.
    """

    class Config:
        extra = Extra.forbid

    entries: list[Entry1] = Field(...)

Attributes¤

`entries = Field(...)` `class-attribute` `instance-attribute` ¤

Classes¤

`Config` ¤

Source code in trestle/oscal/assessment_results.py

class Config:
    extra = Extra.forbid

Attributes¤

extra = Extra.forbid class-attribute instance-attribute ¤

`AssessmentResults` ¤

Bases: OscalBaseModel


              flowchart TD
              trestle.oscal.assessment_results.AssessmentResults[AssessmentResults]
              trestle.core.base_model.OscalBaseModel[OscalBaseModel]
              trestle.core.trestle_base_model.TrestleBaseModel[TrestleBaseModel]

                              trestle.core.base_model.OscalBaseModel --> trestle.oscal.assessment_results.AssessmentResults
                                trestle.core.trestle_base_model.TrestleBaseModel --> trestle.core.base_model.OscalBaseModel
                



              click trestle.oscal.assessment_results.AssessmentResults href "" "trestle.oscal.assessment_results.AssessmentResults"
              click trestle.core.base_model.OscalBaseModel href "" "trestle.core.base_model.OscalBaseModel"
              click trestle.core.trestle_base_model.TrestleBaseModel href "" "trestle.core.trestle_base_model.TrestleBaseModel"

Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.

Source code in trestle/oscal/assessment_results.py

class AssessmentResults(OscalBaseModel):
    """
    Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$') = Field(
        ...,
        description='A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Assessment Results Universally Unique Identifier',
    )
    metadata: common.Metadata
    import_ap: ImportAp = Field(..., alias='import-ap')
    local_definitions: LocalDefinitions | None = Field(None, alias='local-definitions', description='Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.', title='Local Definitions')
    results: list[Result] = Field(...)
    back_matter: common.BackMatter | None = Field(None, alias='back-matter')

Attributes¤

`back_matter = Field(None, alias='back-matter')` `class-attribute` `instance-attribute` ¤

`import_ap = Field(..., alias='import-ap')` `class-attribute` `instance-attribute` ¤

`local_definitions = Field(None, alias='local-definitions', description='Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.', title='Local Definitions')` `class-attribute` `instance-attribute` ¤

`metadata` `instance-attribute` ¤

`results = Field(...)` `class-attribute` `instance-attribute` ¤

uuid = Field(..., description='A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this assessment results instance in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.', title='Assessment Results Universally Unique Identifier') `class-attribute` `instance-attribute` ¤

Classes¤

`Config` ¤

Source code in trestle/oscal/assessment_results.py

class Config:
    extra = Extra.forbid

Attributes¤

extra = Extra.forbid class-attribute instance-attribute ¤

`Attestation` ¤

Bases: OscalBaseModel


              flowchart TD
              trestle.oscal.assessment_results.Attestation[Attestation]
              trestle.core.base_model.OscalBaseModel[OscalBaseModel]
              trestle.core.trestle_base_model.TrestleBaseModel[TrestleBaseModel]

                              trestle.core.base_model.OscalBaseModel --> trestle.oscal.assessment_results.Attestation
                                trestle.core.trestle_base_model.TrestleBaseModel --> trestle.core.base_model.OscalBaseModel
                



              click trestle.oscal.assessment_results.Attestation href "" "trestle.oscal.assessment_results.Attestation"
              click trestle.core.base_model.OscalBaseModel href "" "trestle.core.base_model.OscalBaseModel"
              click trestle.core.trestle_base_model.TrestleBaseModel href "" "trestle.core.trestle_base_model.TrestleBaseModel"

A set of textual statements, typically written by the assessor.

Source code in trestle/oscal/assessment_results.py

class Attestation(OscalBaseModel):
    """
    A set of textual statements, typically written by the assessor.
    """

    class Config:
        extra = Extra.forbid

    responsible_parties: list[common.ResponsibleParty] | None = Field(None, alias='responsible-parties')
    parts: list[common.AssessmentPart] = Field(...)

Attributes¤

`parts = Field(...)` `class-attribute` `instance-attribute` ¤

`responsible_parties = Field(None, alias='responsible-parties')` `class-attribute` `instance-attribute` ¤

Classes¤

`Config` ¤

Source code in trestle/oscal/assessment_results.py

class Config:
    extra = Extra.forbid

Attributes¤

extra = Extra.forbid class-attribute instance-attribute ¤

`Entry1` ¤

Bases: OscalBaseModel


              flowchart TD
              trestle.oscal.assessment_results.Entry1[Entry1]
              trestle.core.base_model.OscalBaseModel[OscalBaseModel]
              trestle.core.trestle_base_model.TrestleBaseModel[TrestleBaseModel]

                              trestle.core.base_model.OscalBaseModel --> trestle.oscal.assessment_results.Entry1
                                trestle.core.trestle_base_model.TrestleBaseModel --> trestle.core.base_model.OscalBaseModel
                



              click trestle.oscal.assessment_results.Entry1 href "" "trestle.oscal.assessment_results.Entry1"
              click trestle.core.base_model.OscalBaseModel href "" "trestle.core.base_model.OscalBaseModel"
              click trestle.core.trestle_base_model.TrestleBaseModel href "" "trestle.core.trestle_base_model.TrestleBaseModel"

Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.

Source code in trestle/oscal/assessment_results.py

class Entry1(OscalBaseModel):
    """
    Identifies the result of an action and/or task that occurred as part of executing an assessment plan or an assessment event that occurred in producing the assessment results.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$') = Field(
        ...,
        description='A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Assessment Log Entry Universally Unique Identifier',
    )
    title: constr(regex=r'^[^\n]+$') | None = Field(None, description='The title for this event.', title='Action Title')
    description: str | None = Field(None, description='A human-readable description of this event.', title='Action Description')
    start: datetime = Field(..., description='Identifies the start date and time of an event.', title='Start')
    end: datetime | None = Field(None, description='Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.', title='End')
    props: list[common.Property] | None = Field(None)
    links: list[common.Link] | None = Field(None)
    logged_by: list[common.LoggedBy] | None = Field(None, alias='logged-by')
    related_tasks: list[common.RelatedTask] | None = Field(None, alias='related-tasks')
    remarks: str | None = None

Attributes¤

`description = Field(None, description='A human-readable description of this event.', title='Action Description')` `class-attribute` `instance-attribute` ¤

`end = Field(None, description='Identifies the end date and time of an event. If the event is a point in time, the start and end will be the same date and time.', title='End')` `class-attribute` `instance-attribute` ¤

`links = Field(None)` `class-attribute` `instance-attribute` ¤

`logged_by = Field(None, alias='logged-by')` `class-attribute` `instance-attribute` ¤

`props = Field(None)` `class-attribute` `instance-attribute` ¤

`related_tasks = Field(None, alias='related-tasks')` `class-attribute` `instance-attribute` ¤

`remarks = None` `class-attribute` `instance-attribute` ¤

`start = Field(..., description='Identifies the start date and time of an event.', title='Start')` `class-attribute` `instance-attribute` ¤

`title = Field(None, description='The title for this event.', title='Action Title')` `class-attribute` `instance-attribute` ¤

uuid = Field(..., description='A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference an assessment event in this or other OSCAL instances. The locally defined UUID of the assessment log entry can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.', title='Assessment Log Entry Universally Unique Identifier') `class-attribute` `instance-attribute` ¤

Classes¤

`Config` ¤

Source code in trestle/oscal/assessment_results.py

class Config:
    extra = Extra.forbid

Attributes¤

extra = Extra.forbid class-attribute instance-attribute ¤

`ImportAp` ¤

Bases: OscalBaseModel


              flowchart TD
              trestle.oscal.assessment_results.ImportAp[ImportAp]
              trestle.core.base_model.OscalBaseModel[OscalBaseModel]
              trestle.core.trestle_base_model.TrestleBaseModel[TrestleBaseModel]

                              trestle.core.base_model.OscalBaseModel --> trestle.oscal.assessment_results.ImportAp
                                trestle.core.trestle_base_model.TrestleBaseModel --> trestle.core.base_model.OscalBaseModel
                



              click trestle.oscal.assessment_results.ImportAp href "" "trestle.oscal.assessment_results.ImportAp"
              click trestle.core.base_model.OscalBaseModel href "" "trestle.core.base_model.OscalBaseModel"
              click trestle.core.trestle_base_model.TrestleBaseModel href "" "trestle.core.trestle_base_model.TrestleBaseModel"

Used by assessment-results to import information about the original plan for assessing the system.

Source code in trestle/oscal/assessment_results.py

class ImportAp(OscalBaseModel):
    """
    Used by assessment-results to import information about the original plan for assessing the system.
    """

    class Config:
        extra = Extra.forbid

    href: str = Field(..., description='A resolvable URL reference to the assessment plan governing the assessment activities.', title='Assessment Plan Reference')
    remarks: str | None = None

Attributes¤

`href = Field(..., description='A resolvable URL reference to the assessment plan governing the assessment activities.', title='Assessment Plan Reference')` `class-attribute` `instance-attribute` ¤

`remarks = None` `class-attribute` `instance-attribute` ¤

Classes¤

`Config` ¤

Source code in trestle/oscal/assessment_results.py

class Config:
    extra = Extra.forbid

Attributes¤

extra = Extra.forbid class-attribute instance-attribute ¤

`LocalDefinitions` ¤

Bases: OscalBaseModel


              flowchart TD
              trestle.oscal.assessment_results.LocalDefinitions[LocalDefinitions]
              trestle.core.base_model.OscalBaseModel[OscalBaseModel]
              trestle.core.trestle_base_model.TrestleBaseModel[TrestleBaseModel]

                              trestle.core.base_model.OscalBaseModel --> trestle.oscal.assessment_results.LocalDefinitions
                                trestle.core.trestle_base_model.TrestleBaseModel --> trestle.core.base_model.OscalBaseModel
                



              click trestle.oscal.assessment_results.LocalDefinitions href "" "trestle.oscal.assessment_results.LocalDefinitions"
              click trestle.core.base_model.OscalBaseModel href "" "trestle.core.base_model.OscalBaseModel"
              click trestle.core.trestle_base_model.TrestleBaseModel href "" "trestle.core.trestle_base_model.TrestleBaseModel"

Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.

Source code in trestle/oscal/assessment_results.py

class LocalDefinitions(OscalBaseModel):
    """
    Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
    """

    class Config:
        extra = Extra.forbid

    objectives_and_methods: list[common.LocalObjective] | None = Field(None, alias='objectives-and-methods')
    activities: list[common.Activity] | None = Field(None)
    remarks: str | None = None

Attributes¤

`activities = Field(None)` `class-attribute` `instance-attribute` ¤

`objectives_and_methods = Field(None, alias='objectives-and-methods')` `class-attribute` `instance-attribute` ¤

`remarks = None` `class-attribute` `instance-attribute` ¤

Classes¤

`Config` ¤

Source code in trestle/oscal/assessment_results.py

class Config:
    extra = Extra.forbid

Attributes¤

extra = Extra.forbid class-attribute instance-attribute ¤

`LocalDefinitions1` ¤

Bases: OscalBaseModel


              flowchart TD
              trestle.oscal.assessment_results.LocalDefinitions1[LocalDefinitions1]
              trestle.core.base_model.OscalBaseModel[OscalBaseModel]
              trestle.core.trestle_base_model.TrestleBaseModel[TrestleBaseModel]

                              trestle.core.base_model.OscalBaseModel --> trestle.oscal.assessment_results.LocalDefinitions1
                                trestle.core.trestle_base_model.TrestleBaseModel --> trestle.core.base_model.OscalBaseModel
                



              click trestle.oscal.assessment_results.LocalDefinitions1 href "" "trestle.oscal.assessment_results.LocalDefinitions1"
              click trestle.core.base_model.OscalBaseModel href "" "trestle.core.base_model.OscalBaseModel"
              click trestle.core.trestle_base_model.TrestleBaseModel href "" "trestle.core.trestle_base_model.TrestleBaseModel"

Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.

Source code in trestle/oscal/assessment_results.py

class LocalDefinitions1(OscalBaseModel):
    """
    Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
    """

    class Config:
        extra = Extra.forbid

    components: list[common.SystemComponent] | None = Field(None)
    inventory_items: list[common.InventoryItem] | None = Field(None, alias='inventory-items')
    users: list[common.SystemUser] | None = Field(None)
    assessment_assets: common.AssessmentAssets | None = Field(None, alias='assessment-assets')
    tasks: list[common.Task] | None = Field(None)

Attributes¤

`assessment_assets = Field(None, alias='assessment-assets')` `class-attribute` `instance-attribute` ¤

`components = Field(None)` `class-attribute` `instance-attribute` ¤

`inventory_items = Field(None, alias='inventory-items')` `class-attribute` `instance-attribute` ¤

`tasks = Field(None)` `class-attribute` `instance-attribute` ¤

`users = Field(None)` `class-attribute` `instance-attribute` ¤

Classes¤

`Config` ¤

Source code in trestle/oscal/assessment_results.py

class Config:
    extra = Extra.forbid

Attributes¤

extra = Extra.forbid class-attribute instance-attribute ¤

`Model` ¤

Bases: OscalBaseModel


              flowchart TD
              trestle.oscal.assessment_results.Model[Model]
              trestle.core.base_model.OscalBaseModel[OscalBaseModel]
              trestle.core.trestle_base_model.TrestleBaseModel[TrestleBaseModel]

                              trestle.core.base_model.OscalBaseModel --> trestle.oscal.assessment_results.Model
                                trestle.core.trestle_base_model.TrestleBaseModel --> trestle.core.base_model.OscalBaseModel
                



              click trestle.oscal.assessment_results.Model href "" "trestle.oscal.assessment_results.Model"
              click trestle.core.base_model.OscalBaseModel href "" "trestle.core.base_model.OscalBaseModel"
              click trestle.core.trestle_base_model.TrestleBaseModel href "" "trestle.core.trestle_base_model.TrestleBaseModel"

Source code in trestle/oscal/assessment_results.py

class Model(OscalBaseModel):
    assessment_results: AssessmentResults = Field(..., alias='assessment-results')

Attributes¤

`assessment_results = Field(..., alias='assessment-results')` `class-attribute` `instance-attribute` ¤

`Result` ¤

Bases: OscalBaseModel


              flowchart TD
              trestle.oscal.assessment_results.Result[Result]
              trestle.core.base_model.OscalBaseModel[OscalBaseModel]
              trestle.core.trestle_base_model.TrestleBaseModel[TrestleBaseModel]

                              trestle.core.base_model.OscalBaseModel --> trestle.oscal.assessment_results.Result
                                trestle.core.trestle_base_model.TrestleBaseModel --> trestle.core.base_model.OscalBaseModel
                



              click trestle.oscal.assessment_results.Result href "" "trestle.oscal.assessment_results.Result"
              click trestle.core.base_model.OscalBaseModel href "" "trestle.core.base_model.OscalBaseModel"
              click trestle.core.trestle_base_model.TrestleBaseModel href "" "trestle.core.trestle_base_model.TrestleBaseModel"

Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.

Source code in trestle/oscal/assessment_results.py

class Result(OscalBaseModel):
    """
    Used by the assessment results and POA&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA&M, this identifies initial and residual risks, deviations, and disposition.
    """

    class Config:
        extra = Extra.forbid

    uuid: constr(regex=r'^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$') = Field(
        ...,
        description='A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
        title='Results Universally Unique Identifier',
    )
    title: constr(regex=r'^[^\n]+$') = Field(..., description='The title for this set of results.', title='Results Title')
    description: str = Field(..., description='A human-readable description of this set of test results.', title='Results Description')
    start: datetime = Field(..., description='Date/time stamp identifying the start of the evidence collection reflected in these results.', title='start field')
    end: datetime | None = Field(None, description='Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.', title='end field')
    props: list[common.Property] | None = Field(None)
    links: list[common.Link] | None = Field(None)
    local_definitions: LocalDefinitions1 | None = Field(None, alias='local-definitions', description='Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.', title='Local Definitions')
    reviewed_controls: common.ReviewedControls = Field(..., alias='reviewed-controls')
    attestations: list[Attestation] | None = Field(None)
    assessment_log: AssessmentLog | None = Field(None, alias='assessment-log', description='A log of all assessment-related actions taken.', title='Assessment Log')
    observations: list[common.Observation] | None = Field(None)
    risks: list[common.Risk] | None = Field(None)
    findings: list[common.Finding] | None = Field(None)
    remarks: str | None = None

Attributes¤

`assessment_log = Field(None, alias='assessment-log', description='A log of all assessment-related actions taken.', title='Assessment Log')` `class-attribute` `instance-attribute` ¤

`attestations = Field(None)` `class-attribute` `instance-attribute` ¤

`description = Field(..., description='A human-readable description of this set of test results.', title='Results Description')` `class-attribute` `instance-attribute` ¤

`end = Field(None, description='Date/time stamp identifying the end of the evidence collection reflected in these results. In a continuous motoring scenario, this may contain the same value as start if appropriate.', title='end field')` `class-attribute` `instance-attribute` ¤

`findings = Field(None)` `class-attribute` `instance-attribute` ¤

`links = Field(None)` `class-attribute` `instance-attribute` ¤

`local_definitions = Field(None, alias='local-definitions', description='Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.', title='Local Definitions')` `class-attribute` `instance-attribute` ¤

`observations = Field(None)` `class-attribute` `instance-attribute` ¤

`props = Field(None)` `class-attribute` `instance-attribute` ¤

`remarks = None` `class-attribute` `instance-attribute` ¤

`reviewed_controls = Field(..., alias='reviewed-controls')` `class-attribute` `instance-attribute` ¤

`risks = Field(None)` `class-attribute` `instance-attribute` ¤

`start = Field(..., description='Date/time stamp identifying the start of the evidence collection reflected in these results.', title='start field')` `class-attribute` `instance-attribute` ¤

`title = Field(..., description='The title for this set of results.', title='Results Title')` `class-attribute` `instance-attribute` ¤

uuid = Field(..., description='A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this set of results in this or other OSCAL instances. The locally defined UUID of the assessment result can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.', title='Results Universally Unique Identifier') `class-attribute` `instance-attribute` ¤

Classes¤

`Config` ¤

Source code in trestle/oscal/assessment_results.py

class Config:
    extra = Extra.forbid

Attributes¤

extra = Extra.forbid class-attribute instance-attribute ¤

handler: python

trestle.oscal.assessment_results