API docs by Redocly

Enterprise Mission Assurance Support Service (eMASS) (v3.22)

Download OpenAPI specification:Download

NISP eMASS Support: disa.global.servicedesk.mbx.ma-ticket-request@mail.mil URL: https://www.dcsa.mil/is/emass/ License: Apache 2.0

The eMASS Representational State Transfer (REST) Application Programming Interface (API) enables users to perform assessments and complete actions associated with system records.

The eMASS API provides an interface for application to communicate eMASS Services. For information on how to register and use the eMASS API reference the eMASS API Getting Started.

Additional information about eMASS can be obtain by contacting the National Industrial Security Program (NISP). Points of Contact are:

NISP eMASS User Account Request Guide

Test

The Test Connection endpoint provides the ability to verify connection to the web service.

Test connection to the API

Tests the endpoint connection

Authorizations:
(apiKeyuserId) mockType

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

Registration

The Registration endpoint provides the ability to register a certificate & obtain an API-key.

Note:

  • The API-key must be provided in the request header for all endpoint calls.
  • Example header: api-key: f0126b6b-f232-45c9-a8de-01d5f003deda

Register user certificate and obtain an API key

Returns the API Key (api-key) that must be provided in the request header for all endpoint calls.

Authorizations:
(apiKeyuserId) mockType

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

Systems

The Systems endpoints provide the ability to view system information.

Notes

  • If a system is dual-policy enabled, the returned system details default to the RMF policy information unless otherwise specified for an individual system.
  • Certain fields are instance specific and may not be returned in GET request.

Get system information

Returns all system(s) that match the query parameters

Authorizations:
(apiKeyuserId) mockType
query Parameters
coamsId
string

COAMS ID: Filter query by Cyber Operational Attributes Management System (COAMS).

ditprId
string

DITPR ID: Filter query by DoD Information Technology (IT) Portfolio Repository (DITPR).

includeDecommissioned
boolean
Default: true

Include Decommissioned Systems: Indicates if decommissioned systems are retrieved. If no value is specified, the default returns true to include decommissioned systems.

includeDitprMetrics
boolean
Default: false

Include DITPR: Indicates if DITPR metrics are retrieved. This query string parameter cannot be used in conjunction with the following parameters:

  • ditprId
  • coamsId

If no value is specified, the default returns false to not include DITPR Metrics.

policy
string
Default: "rmf"
Enum: "diacap" "rmf" "reporting"

System Policy: Filter query by system policy. If no value is specified, the default returns RMF policy information for dual-policy systems.

registrationType
string
Default: "regular"

Registration Type: Filter record by selected registration type (single value or comma delimited values).

Valid Options Are: assessAndAuthorize, assessOnly, guest, regular, functional, cloudServiceProvider, commonControlProvider, authorizationToUse, reciprocityAcceptanc

reportsForScorecard
boolean
Default: true

DoD Cyber Hygiene Scorecard: Used to filter results to only return systems that report to the DoD Cyber Hygiene Scorecard.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Get system information for a specific system

Returns the system matching provided parameters

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
policy
string
Default: "rmf"
Enum: "diacap" "rmf" "reporting"

System Policy: Filter query by system policy. If no value is specified, the default returns RMF policy information for dual-policy systems.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

System Roles

The System Roles endpoints provides the ability to access user data assigned to systems.

NOTES:

  • The endpoint can access three different role categories: PAC, CAC, and Other.
  • If a system is dual-policy enabled, the returned system role information will default to the RMF policy information unless otherwise specified.

Get available roles

Returns all available roles

Authorizations:
(apiKeyuserId) mockType

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Get system roles

Returns the role(s) data matching parameters.

Authorizations:
(apiKeyuserId) mockType
path Parameters
roleCategory
required
string
Default: "PAC"
Enum: "CAC" "PAC" "Other"

Role Category: The system role category been queried

query Parameters
role
required
string
Default: "IAO"

Role: Accepts single value from options available at base system-roles endpoint e.g., SCA.

policy
string
Default: "rmf"
Enum: "diacap" "rmf" "reporting"

System Policy: Filter query by system policy. If no value is specified, the default returns RMF policy information for dual-policy systems.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Controls

The Controls endpoints provide the ability to view, add, and update Security Control information to a system for both the Implementation Plan and Risk Assessment.

Get control information in a system for one or many controls

Returns system control information for matching systemId path parameter

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
acronyms
string
Default: "PM-6"

Acronym: The system acronym(s) being queried (single value or comma delimited values).

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update control information in a system for one or many controls

Update a Control for given systemId

Request Body Required Fields

  • acronym
  • responsibleEntities
  • controlDesignation
  • estimatedCompletionDate
  • implementationNarrative

**Business Rules**

The following optional fields (plus the Request Body Required Fields) are required based on the Implementation Status (implementationStatus) field value:

StatusRequired Fields
Planned or ImplementedslcmCriticality, slcmFrequency, slcmMethod, slcmReporting, slcmTracking, slcmComments
Not ApplicablenaJustification
Manually InheritedcommonControlProvider, slcmCriticality, slcmFrequency, slcmMethod, slcmReporting, slcmTracking, slcmComments

NOTES:

  • Risk Assessment information cannot be updated if a Security Control is Inherited.
  • Risk Assessment information cannot be updated for a DIACAP system record.
  • Implementation Plan information cannot be saved if the these fields exceed 2,000 character limits:
    • naJustification,responsibleEntities,implementationNarrative,slcmCriticality
    • slcmFrequency,slcmMethod,slcmReporting,slcmTracking,slcmComments
  • Implementation Plan or Risk Assessment information cannot be updated if Security Control does not exist in the system record.
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for updating an existing control for a given system.

Array
acronym
string

[Required] Acronym of the system record.

responsibleEntities
string

[Required] Include written description of Responsible Entities that are responsible for the Security Control. Character Limit 2,000.

controlDesignation
string
Enum: "Common" "System-Specific" "Hybrid"

[Required] Control designations

estimatedCompletionDate
integer <int64>

[Required] Field is required for Implementation Plan. Unix time format.

implementationNarrative
string

[Required] Includes security control comments. Character Limit 2,000.

commonControlProvider
string or null
Enum: "DoD" "Component" "Enclave"

[Conditional] Indicate the type of Common Control Provider for an Inherited Security Control.

naJustification
string or null

[Conditional] Provide justification for Security Controls deemed Not Applicable to the system.

slcmCriticality
string or null

[Conditional] Criticality of Security Control regarding SLCM. Character Limit = 2,000.

slcmFrequency
string or null
Enum: "Constantly" "Daily" "Weekly" "Monthly" "Quarterly" "Semi-Annually" "Annually" "Every Two Years" "Every Three Years" "Undetermined"

[Conditional] SLCM frequency

slcmMethod
string or null
Enum: "Automated" "Semi-Automated" "Manual" "Undetermined"

[Conditional] SLCM method utilized

slcmReporting
string or null

[Conditional] Method for reporting Security Control for SLCM. Character Limit = 2,000.

slcmTracking
string or null

[Conditional] How Non-Compliant Security Controls will be tracked for SLCM. Character Limit = 2,000.

slcmComments
string or null

[Conditional] Additional comments for Security Control regarding SLCM. Character Limit = 4,000.

implementationStatus
string or null
Enum: "Planned" "Implemented" "Inherited" "Not Applicable" "Manually Inherited"

[Optional] Implementation Status of the Security Control for the information system.

severity
string or null
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

vulnerabiltySummary
string or null

[Optional] Include vulnerability summary. Character Limit = 2,000.

recommendations
string or null

[Optional] Include recommendations. Character Limit = 2,000.

relevanceOfThreat
string or null
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

likelihood
string or null
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impact
string or null
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impactDescription
string or null

[Optional] Include description of Security Control's impact.

residualRiskLevel
string or null
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

testMethod
string or null
Enum: "Test" "Interview" "Examine" "Test, Interview" "Test, Examine" "Interview, Examine" "Test, Interview, Examine"

[Optional] Identifies the assessment method / combination that will determine if the security requirements are implemented correctly.

mitigations
string or null

[Optional] Identify any mitigations in place for the Non-Compliant Security Control's vulnerabilities. Character Limit = 2,000.

applicationLayer
string or null

[Optional] If the Financial Management (Navy) overlay is applied to the system, this field appears and can be populated. Character Limit = 2,000. Navy only.

databaseLayer
string or null

[Optional] If the Financial Management (Navy) overlay is applied to the system, this field appears and can be populated. Navy only.

operatingSystemLayer
string or null

[Optional] If the Financial Management (Navy) overlay is applied to the system, this field appears and can be populated. Navy only.

name
string or null

[Read-only] Name of the system record.

ccis
string or null

[Read-only] Comma separated list of CCIs associated with the control.

isInherited
boolean or null

[Read-only] Indicates whether a control is inherited.

modifiedByOverlays
string or null

[Read-only] List of overlays that affect the control.

includedStatus
string or null

[Read-only] Indicates the manner by which a control was included in the system's categorization.

complianceStatus
string or null

[Read-only] Compliance of the control.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Test Results

The Test Results endpoints provide the ability to view and add test results for a system's Assessment Procedures which determine Security Control compliance.

Get one or many test results in a system

Returns system test results information for matching parameters.

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
controlAcronyms
string

Control Acronym: Filter query by given system acronym (single value or comma separated).

assessmentProcedures
string

Assessment Procedure: Filter query by given Security Control Assessment Procedure (single value or comma separated).

ccis
string

CCI System: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).

latestOnly
boolean
Default: true

Latest Results Only: Indicates that only the latest test resultes are retrieved.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Add one or many test results in a system

Adds test results for given systemId

Request Body Required Fields

  • testedBy
  • testDate
  • description
  • complianceStatus
  • assessmentProcedure
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body to add test results to a system (systemId)

Array
testedBy
string

[Required] Last Name, First Name. 100 Characters.

testDate
integer <int64>

[Required] Unix time format.

description
string

[Required] Include description of test result. 4000 Characters.

complianceStatus
string

[Required] Test result compliance status

assessmentProcedure
string

[Required] The Security Control Assessment Procedure being assessed.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

POAM

The POA&Ms endpoints provide the ability to view, add, update, and remove Plan of Action and Milestones (POA&M) items and associated milestones for a system.

Get one or many POA&M items in a system

Returns system(s) containing POA&M items for matching parameters.

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
scheduledCompletionDateStart
string

Date Started: Filter query by the scheduled completion start date (Unix date format).

scheduledCompletionDateEnd
string

Date Ended: Filter query by the scheduled completion start date (Unix date format).

controlAcronyms
string

Control Acronym: Filter query by given system acronym (single value or comma separated).

assessmentProcedures
string

Assessment Procedure: Filter query by given Security Control Assessment Procedure (single value or comma separated).

ccis
string

CCI System: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).

systemOnly
boolean
Default: true

Systems Only: Indicates that only system(s) information is retrieved.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Add one or many POA&M items in a system

Add a POA&M for given systemId

Request Body Required Fields

FieldRequire/Condition
statusAlways (every POST)
vulnerabilityDescriptionAlways (every POST)
sourceIdentifyingVulnerabilityAlways (every POST)
pocOrganizationAlways (every POST)
resourcesAlways (every POST)
identifiedInCFOAuditOrOtherReviewRequired for VA. Optional for Army and USCG.
scheduledCompletionDateRequired for ongoing and completed POA&M items
pocFirstNameOnly if Last Name, Email, or Phone Number have data
pocLastNameOnly if First Name, Email, or Phone Number have data
pocEmailOnly if First Name, Last Name, or Phone Number have data
pocPhoneNumberOnly if First Name, Last Name, or Email have data
completionDateFor completed POA&M Item only
commentsFor completed or Risk Accepted POA&M Items only

NOTE: Certain eMASS instances also require the Risk Analysis fields to be populated:

  • severity
  • relevanceOfThreat
  • likelihood
  • impact
  • residualRiskLevel
  • mitigations

**Business Rules**

The following rules apply to the Review Status status field value:

ValueRule
Not ApprovedPOA&M cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date
ApprovedPOA&M can only be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date
Are required to have a Severity Value assigned
Completed or OngoingCannot be saved without Milestones
Risk AcceptedPOA&M Item cannot be saved with a Scheduled Completion Date scheduledCompletionDate or have Milestones
Approved or Completed or OngoingCannot update Scheduled Completion Date

Additional Rules

  • POA&M Item cannot be saved if associated Security Control or AP is inherited.
  • Completed POA&M Item cannot be saved if Completion Date (completionDate) is in the future.
  • POA&M Items cannot be updated if they are included in an active package.
  • Archived POA&M Items cannot be updated.
  • POA&M Items with a status of "Not Applicable" will be updated through test result creation.
  • If the Security Control or Assessment Procedure does not exist in the system, the POA&M Item maybe imported at the System Level.

Fields Characters Limitation

  • POA&M Item cannot be saved if the Point of Contact (POC) fields exceed 100 characters:
    • pocOrganization pocFirstName, pocLastName, pocEmail, pocPhoneNumber
  • POA&M Item cannot be saved if Resources (resource) field exceeds 250 characters
  • POA&M Item cannot be saved if the following fields exceeds 2,000 characters:
    • mitigations, sourceIdentifyingVulnerability, comments
    • Milestones Field: description
  • POA&M Items cannot be saved if Milestone Description (description) exceeds 2,000 characters.
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body to add POA&M(s) to a system (systemId)

Array
status
string
Enum: "Ongoing" "Risk Accepted" "Completed" "Not Applicable" "Archived"

[Required] The POA&M status

vulnerabilityDescription
string

[Required] Provide a description of the POA&M Item. 2000 Characters.

sourceIdentifyingVulnerability
string

[Required] Include Source Identifying Vulnerability text. 2000 Characters.

pocOrganization
string

[Required] Organization/Office represented. 100 Characters.

resources
string

[Required] List of resources used. 250 Characters.

identifiedInCFOAuditOrOtherReview
boolean

[Required] If not specified, this field will be set to false because it does not accept a null value. VA only

pocFirstName
string

[Conditional] First name of POC. 100 Characters.

pocLastName
string

[Conditional] Last name of POC. 100 Characters.

pocEmail
string

[Conditional] Email address of POC. 100 Characters.

pocPhoneNumber
string

[Conditional] Phone number of POC (area code) -* format. 100 Characters.

severity
string

[Conditional] Required for approved items. Values include the following options: (Very Low, Low, Moderate,High,Very High)

scheduledCompletionDate
integer or null <int64>

[Conditional] Required for ongoing and completed POA&M items. Unix time format.

completionDate
integer <int64>

[Conditional] Field is required for completed POA&M items. Unix time format.

comments
string

[Conditional] Field is required for completed and risk accepted POA&M items. 2000 Characters

personnelResourcesFundedBaseHours
number or null <float>

[Conditional] At least one of the following is required and must be completed for each POA&M Item: Personnel Resources-> Funded Base Hours Personnel Resources-> Unfunded Base Hours Non-Personnel Resources-> Funded Amount Non-Personnel Resources-> Unfunded Amount Displays numbers to the second decimal point (e.g., 100.00). VA only.

personnelResourcesCostCode
string or null

[Conditional] Required if Personnel Resources: Funded Base Hours is populated. Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.

personnelResourcesUnfundedBaseHours
number or null <float>

[Conditional] At least one of the following is required and must be completed for each POA&M Item: Personnel Resources-> Funded Base Hours Personnel Resources-> Unfunded Base Hours Non-Personnel Resources-> Funded Amount Non-Personnel Resources-> Unfunded Amount Displays numbers to the second decimal point (e.g., 100.00). VA only.

personnelResourcesNonfundingObstacle
string or null

[Conditional] Required if Personnel Resources: Unfunded Base Hours is populated. Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.

personnelResourcesNonfundingObstacleOtherReason
string or null

[Conditional] Required if the value "Other" is populated for the field Personnel Resources: Non-Funding Obstacle. VA only.

nonPersonnelResourcesFundedAmount
number or null <float>

[Conditional] At least one of the following is required and must be completed for each POA&M Item: Personnel Resources-> Funded Base Hours Personnel Resources-> Unfunded Base Hours Non-Personnel Resources-> Funded Amount Non-Personnel Resources-> Unfunded Amount Displays numbers to the second decimal point (e.g., 100.00). VA only.

nonPersonnelResourcesCostCode
string or null

[Conditional] Required if Non-Personnel Resources: Funded Amount is populated. Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.

nonPersonnelResourcesUnfundedAmount
number or null <float>

[Conditional] At least one of the following is required and must be completed for each POA&M Item: Personnel Resources-> Funded Base Hours Personnel Resources-> Unfunded Base Hours Non-Personnel Resources-> Funded Amount Non-Personnel Resources-> Unfunded Amount Displays numbers to the second decimal point (e.g., 100.00). VA only.

nonPersonnelResourcesNonfundingObstacle
string or null

[Conditional] Required if Non-Personnel Resources: Unfunded Amount is populated. Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.

nonPersonnelResourcesNonfundingObstacleOtherReason
string or null

[Conditional] Required if the value "Other" is populated for the field Non-Personnel Resources: Non-Funding Obstacle. VA only.

externalUid
string

[Optional] Unique identifier external to the eMASS application for use with associating POA&Ms. 100 Characters.

controlAcronym
string

[Optional] Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined.

assessmentProcedure
string

[Optional] The Security Control Assessment Procedure being associated with the POA&M Item.

securityChecks
string

[Optional] Security Checks that are associated with the POA&M.

rawSeverity
string

[Optional] Scan vulnerability ratting Values include the following options: (Very Low, Low, Moderate,High,Very High)

relevanceOfThreat
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

likelihood
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impact
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impactDescription
string

[Optional] Include description of Security Control's impact.

residualRiskLevel
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

recommendations
string

[Optional] Include recommendations. Character Limit = 2,000.

mitigations
string

[Optional] Include mitigation explanation. 2000 Characters.

resultingResidualRiskLevelAfterProposedMitigations
string or null
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Indicate the risk level expected after any proposed mitigations are implemented. Proposed mitigations should be appropriately documented as POA&M milestones. Navy only.

predisposingConditions
string or null

[Optional] A predisposing condition is a condition existing within an organization, a mission or business process, enterprise architecture, information system/PIT, or environment of operation, which affects (i.e., increases or decreases) the likelihood that threat events, once initiated, result in adverse impacts. Navy only.

threatDescription
string or null

[Optional] Describe the identified threat(s) and relevance to the information system. Navy only.

devicesAffected
string or null

[Optional] List any affected devices by hostname. If all devices in the information system are affected, state 'system' or 'all'. Navy only

Array of objects

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update one or many POA&M items in a system

Update a POA&M for given systemId

Request Body Required Fields

FieldRequire/Condition
poamIdAlways (every PUT)
displayPoamIdAlways (every PUT)
statusAlways (every PUT)
vulnerabilityDescriptionAlways (every PUT)
sourceIdentifyingVulnerabilityAlways (every PUT)
pocOrganizationAlways (every PUT)
resourcesAlways (every PUT)
identifiedInCFOAuditOrOtherReviewRequired for VA. Optional for Army and USCG.
scheduledCompletionDateRequired for ongoing and completed POA&M items
pocFirstNameOnly if Last Name, Email, or Phone Number have data
pocLastNameOnly if First Name, Email, or Phone Number have data
pocEmailOnly if First Name, Last Name, or Phone Number have data
pocPhoneNumberOnly if First Name, Last Name, or Email have data
completionDateFor completed POA&M Item only
commentsFor completed or Risk Accepted POA&M Items only

NOTES:

  • Certain eMASS instances also require the Risk Analysis fields to be populated:
    • severity
    • relevanceOfThreat
    • likelihood
    • impact
    • residualRiskLevel
    • mitigations
  • To prevent uploading duplicate/undesired milestones through the POA&M PUT include an isActive field for the milestone and set it to equal to false (isActive=false).

Business Rules: See business rules for the POST endpoint

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for updating a POA&M for a system (systemId)

Array
systemId
integer <int64>

[Required] Unique eMASS system identifier.

poamId
integer <int64>

[Required] Unique item identifier

displayPoamId
integer <int64>

[Required] Globally unique identifier for individual POA&M Items, seen on the front-end as ID.

status
string
Enum: "Ongoing" "Risk Accepted" "Completed" "Not Applicable" "Archived"

[Required] The POA&M status

vulnerabilityDescription
string

[Required] Provide a description of the POA&M Item. 2000 Characters.

sourceIdentifyingVulnerability
string

[Required] Include Source Identifying Vulnerability text. 2000 Characters.

pocOrganization
string

[Required] Organization/Office represented. 100 Characters.

resources
string

[Required] List of resources used. 250 Characters.

identifiedInCFOAuditOrOtherReview
boolean

[Required] If not specified, this field will be set to false because it does not accept a null value. VA only

pocFirstName
string

[Conditional] First name of POC. 100 Characters.

pocLastName
string

[Conditional] Last name of POC. 100 Characters.

pocEmail
string

[Conditional] Email address of POC. 100 Characters.

pocPhoneNumber
string

[Conditional] Phone number of POC (area code) -* format. 100 Characters.

severity
string

[Conditional] Required for approved items. Values include the following options: (Very Low, Low, Moderate,High,Very High)

scheduledCompletionDate
integer or null <int64>

[Conditional] Required for ongoing and completed POA&M items. Unix time format.

completionDate
integer <int64>

[Conditional] Field is required for completed POA&M items. Unix time format.

comments
string

[Conditional] Field is required for completed and risk accepted POA&M items. 2000 Characters

personnelResourcesFundedBaseHours
number or null <float>

[Conditional] At least one of the following is required and must be completed for each POA&M Item: Personnel Resources-> Funded Base Hours Personnel Resources-> Unfunded Base Hours Non-Personnel Resources-> Funded Amount Non-Personnel Resources-> Unfunded Amount Displays numbers to the second decimal point (e.g., 100.00). VA only.

personnelResourcesCostCode
string or null

[Conditional] Required if Personnel Resources: Funded Base Hours is populated. Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.

personnelResourcesUnfundedBaseHours
number or null <float>

[Conditional] At least one of the following is required and must be completed for each POA&M Item: Personnel Resources-> Funded Base Hours Personnel Resources-> Unfunded Base Hours Non-Personnel Resources-> Funded Amount Non-Personnel Resources-> Unfunded Amount Displays numbers to the second decimal point (e.g., 100.00). VA only.

personnelResourcesNonfundingObstacle
string or null

[Conditional] Required if Personnel Resources: Unfunded Base Hours is populated. Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.

personnelResourcesNonfundingObstacleOtherReason
string or null

[Conditional] Required if the value "Other" is populated for the field Personnel Resources: Non-Funding Obstacle. VA only.

nonPersonnelResourcesFundedAmount
number or null <float>

[Conditional] At least one of the following is required and must be completed for each POA&M Item: Personnel Resources-> Funded Base Hours Personnel Resources-> Unfunded Base Hours Non-Personnel Resources-> Funded Amount Non-Personnel Resources-> Unfunded Amount Displays numbers to the second decimal point (e.g., 100.00). VA only.

nonPersonnelResourcesCostCode
string or null

[Conditional] Required if Non-Personnel Resources: Funded Amount is populated. Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.

nonPersonnelResourcesUnfundedAmount
number or null <float>

[Conditional] At least one of the following is required and must be completed for each POA&M Item: Personnel Resources-> Funded Base Hours Personnel Resources-> Unfunded Base Hours Non-Personnel Resources-> Funded Amount Non-Personnel Resources-> Unfunded Amount Displays numbers to the second decimal point (e.g., 100.00). VA only.

nonPersonnelResourcesNonfundingObstacle
string or null

[Conditional] Required if Non-Personnel Resources: Unfunded Amount is populated. Only accepts values present in the field's lookup table (modifiable by eMASS System Admins). VA only.

nonPersonnelResourcesNonfundingObstacleOtherReason
string or null

[Conditional] Required if the value "Other" is populated for the field Non-Personnel Resources: Non-Funding Obstacle. VA only.

externalUid
string

[Optional] Unique identifier external to the eMASS application for use with associating POA&Ms. 100 Characters.

controlAcronym
string

[Optional] Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined.

assessmentProcedure
string

[Optional] The Security Control Assessment Procedure being associated with the POA&M Item.

securityChecks
string

[Optional] Security Checks that are associated with the POA&M.

rawSeverity
string

[Optional] Scan vulnerability ratting Values include the following options: (Very Low, Low, Moderate,High,Very High)

relevanceOfThreat
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

likelihood
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impact
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impactDescription
string

[Optional] Include description of Security Control's impact.

residualRiskLevel
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

recommendations
string

[Optional] Include recommendations. Character Limit = 2,000.

mitigations
string

[Optional] Include mitigation explanation. 2000 Characters.

resultingResidualRiskLevelAfterProposedMitigations
string or null
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Indicate the risk level expected after any proposed mitigations are implemented. Proposed mitigations should be appropriately documented as POA&M milestones. Navy only.

predisposingConditions
string or null

[Optional] A predisposing condition is a condition existing within an organization, a mission or business process, enterprise architecture, information system/PIT, or environment of operation, which affects (i.e., increases or decreases) the likelihood that threat events, once initiated, result in adverse impacts. Navy only.

threatDescription
string or null

[Optional] Describe the identified threat(s) and relevance to the information system. Navy only.

devicesAffected
string or null

[Optional] List any affected devices by hostname. If all devices in the information system are affected, state 'system' or 'all'. Navy only

Array of objects

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove one or many POA&M items in a system

Remove the POA&M matching systemId path parameter and poamId Request Body

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Delete the given POA&M Id

Array
poamId
integer <int64>

[Required] Unique item identifier

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Get POA&M item by ID in a system

Returns system(s) containing POA&M items for matching parameters.

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

Milestones

The Milestones endpoints provide the ability to view, add, update, and remove milestones that are associated with Plan of Action and Milestones (POA&M) items for a system.

Get milestones in one or many POA&M items in a system

Returns system containing milestones for matching parameters.

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

query Parameters
scheduledCompletionDateStart
string

Date Started: Filter query by the scheduled completion start date (Unix date format).

scheduledCompletionDateEnd
string

Date Ended: Filter query by the scheduled completion start date (Unix date format).

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Add milestones to one or many POA&M items in a system

Adds a milestone for given systemId and poamId path parameters

Request Body Required Fields

  • description
  • scheduledCompletionDate
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

Request Body schema: application/json

Example request body for adding milestones to an existing System (systemId) POA&M (poamId)

Array
description
string

[Required] Provide a description of the milestone.

scheduledCompletionDate
integer <int64>

[Required] Unix date format.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update one or many POA&M items in a system

Updates a milestone for given systemId and poamId path parameters

Request Body Required Fields

  • milestoneId
  • description
  • scheduledCompletionDate
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

Request Body schema: application/json

Example request body for updating milestones (milestoneId) of an existing System (systemId) POA&M (poamId)

Array
milestoneId
integer <int64>

[Required] Unique milestone identifier.

description
string

[Required] Provide a description of the milestone.

scheduledCompletionDate
integer <int64>

[Required] Unix date format.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove milestones in a system for one or many POA&M items

Remove the POA&M matching systemId and poamId for path parameters and milstoneId provide in the Request Body

NOTE
To delete a milestone the record must be inactive by having the field isActive set to false (isActive=false).

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

Request Body schema: application/json

Delete the given Milestone Id

Array
milestoneId
integer <int64>

[Required] Unique item identifier

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Get milestone by ID in POA&M item in a system

Returns systems containing milestones for matching parameters.

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

milestoneId
required
integer
Example: 77

Milestone Id: The unique milestone record identifier.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

Artifacts

The Artifacts endpoints provide the ability to view, add, update, and remove artifacts (supporting documentation/evidence) and associated files for a system.

Get one or many artifacts in a system

Returns selected artifacts matching parameters to include the file name containing the artifacts.

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
filename
string
Example: filename=ArtifactsExporFile.pdf

File Name: The file name (to include file-extension).

controlAcronyms
string

Control Acronym: Filter query by given system acronym (single value or comma separated).

assessmentProcedures
string

Assessment Procedure: Filter query by given Security Control Assessment Procedure (single value or comma separated).

ccis
string

CCI System: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).

systemOnly
boolean
Default: true

Systems Only: Indicates that only system(s) information is retrieved.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Add one or many artifacts in a system

Information About Adding Artifacts

The body of a request through the Artifacts POST endpoint accepts a single binary file. Two Artifact POST methods are currently accepted: individual and bulk. Filename uniqueness within an eMASS system will be enforced by the API for both methods.

For POST requests that should result in a single artifact, the request should include the file.

For POST requests that should result in the creation of many artifacts, the request should include a single file with the extension ".zip" only and the parameter isBulk should be set to true. This .zip file should contain one or more files corresponding to existing artifacts or new artifacts that will be created upon successful receipt.

Upon successful receipt of one or many artifacts, if a file is matched via filename to an artifact existing within the application, the file associated with the artifact will be updated. If no artifact is matched via filename to the application, a new artifact will be created with the following default values. Any values not specified below will be null

  • isTemplate: false
  • type: Other
  • category: Evidence

To update values other than the file itself, please submit a PUT request.

Business Rules

Artifact cannot be saved if the fields below exceed the following character limits:

  • Filename - 1,000 characters
  • Name - 100 characters
  • Description - 10,000 characters
  • Reference Page Number - 50 characters

Artifact version cannot be saved if an Artifact with the same file name (filename) already exist in the system.

Artifact cannot be saved if the file size exceeds 30MB.

Artifact cannot be saved if the following fields are missing data:

  • Filename (filename)
  • Type (type)
  • Category (category)
Artifact cannot be saved if the Last Review Date (`lastReviewedDate`) is set in the future.
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
isBulk
boolean
Default: false

Is Bulk: If no value is specified, the default is false, and an individual artifact file is expected. When set to true, a .zip file is expected which can contain multiple artifact files.

Request Body schema: multipart/form-data

See Information posted above for additional instructions

isTemplate
boolean
Enum: true false

Is the artifact a template?

Indicates whether an artifact is a template

type
string

The type of artifact. Possible values are: Procedure, Diagram, Policy, Labor, Document, Image, Other, Scan Result, Auditor Report. May also accept custom artifact type values set by system administrators.

category
string

The category of artifact. Possible values are: Implementation Guidance, Evidence.

May also accept custom artifact category values set by system administrators.

filename
required
string <binary>

The file to upload. Must be a .zip file if isBulk is set to true, otherwise any acceptable artifact file. Max 30MB per artifact.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update one or many artifacts in a system

Updates an artifact for given systemId path parameter

Request Body Required Fields

  • filename
  • isTemplate
  • type
  • category

The example request provides all optional fields

Information About Updating Artifacts

The PUT request will replace all existing data with the field/value combinations included in the request body.

If any fields are not included, the absent fields will become null.

The fields name and isTemplate are non-nullable fields. If not specified in the PUT command they will default to the following:

  • name=filename
  • isTemplate=false

Also, note that one-to-many fields (controls and ccis) will also be replaced with the values specified in the PUT.

If existing control or cci mappings exist in eMASS, the values in the PUT will not append, but rather replace all existing control and cci mappings with the values in the request body.

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

See information above for additional instructions

Array
filename
string

[Required] File name should match exactly one file within the provided zip file. 1000 Characters. or Application/zip file. Max 30MB per artifact.

isTemplate
boolean or null

[Required] Indicates whether an artifact template.

type
string

[Required] Artifact type options

category
string

[Required] Artifact category options

name
string or null

[Optional] Artifact name. Character Limit = 100.

description
string or null

[Optional] Artifact description. 10,000 Characters.

referencePageNumber
string or null

[Optional] Artifact reference page number. 50 Characters.

assessmentProcedures
string

[Optional] The Security Control Assessment Procedure being associated with the artifact.

controls
string or null

[Optional] Control acronym associated with the artifact. NIST SP 800-53 Revision 4 defined.

expirationDate
integer or null <int64>

[Optional] Date Artifact expires and requires review. In Unix Date format.

lastReviewedDate
integer or null <int64>

[Optional] Date Artifact was last reviewed. Unix time format.

signedDate
integer or null <int64>

[Optional] Date artifact was signed. Unix time format.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove one or many artifacts in a system

Remove the Artifact(s) matching systemId path parameter and request body artifact(s) file name

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Delete artifact files for the given System Id

Array
filename
string

[Required] File name should match exactly one file within the provided zip file. 1000 Characters.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Artifacts Export

The Artifacts Export endpoint provides the ability to download artifact files for a system.

Get the file of an artifact in a system

Sample Responce
Binary file associated with given filename.
If compress parameter is specified, zip archive of binary file associated with given filename.

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
filename
required
string
Example: filename=ArtifactsExporFile.pdf

File Name: The file name (to include file-extension).

compress
boolean
Default: true

Compress File: Determines if returned file is compressed.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    }
}

PAC

The Package Approval Chain (PAC) endpoints provide the ability to view the status of existing workflows and initiate new workflows for a system.

NOTES:

  • If the indicated system has any active workflows, the response will include information such as the workflow type and the current stage of each workflow.
  • If there are no active workflows, then a null data member will be returned.

Get status of active workflows in a system

Returns the location of a system's package in the Package Approval Chain (PAC) for matching systemId path parameter

NOTES:

  • If the indicated system has any active workflows, the response will include information such as the workflow type and the current stage of each workflow.
  • If there are no active workflows, then a null data member will be returned.
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Initiate system workflow for review

Adds a Package Approval Chain (PAC) for given systemId path parameter

Request Body Required Fields

  • workflow
  • name
  • comments
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for adding system package to PAC for review

Array
workflow
string

[Required] The PAC workflow

name
string

[Required] Package name. 100 Characters.

comments
string

[Required] Character Limit = 4,000.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

CAC

The Control Approval Chain (CAC) endpoints provide the ability to view the status of Security Controls and submit them to the second stage in the Control Approval Chain.

Note:

  • POST requests will only yield successful results if the Security Control is at the first stage of the CAC. If the control is not at the first stage, an error will be returned.

Get location of one or many controls in CAC

Returns the location of a system's package in the Control Approval Chain (CAC) for matching systemId path parameter

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
controlAcronyms
string

Control Acronym: Filter query by given system acronym (single value or comma separated).

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Submit control to second role of CAC

Request Body Required Fields

  • controlAcronym
  • comments

NOTES:

  • Comments comments are not required at the first role of the CAC but are required at the second role of the CAC. Comments cannot exceed 10,000 characters.
  • POST requests will only yield successful results if the control is currently sitting at the first role of the CAC. If the control is not currently sitting at the first role, then an error will be returned.
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for adding control(s) to second role of CAC

Array
controlAcronym
string

[Required] System acronym name.

comments
string

[Conditional] Control Approval Chain comments - 2000 Characters.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Hardware Baseline

The Hardware Baseline endpoints provide the ability to view, add, update, and remove hardware assets for a system.

Get hardware baseline for a system

Returns the hardware baseline for a system matching the systemId path parameter

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ],
  • "pagination": {}
}

Add one or many hardware assets in a system

Adds assets to the Hardware Baseline for given systemId

Request Body Required Fields

  • assetName
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for adding hardware baseline assets to an existing System (systemId)

Array
assetName
string

[Required] Name of the hardware asset.

publicFacingFqdn
string or null

[Conditional] Public facing FQDN. Only applicable if Public Facing is set to true.

publicFacingIpAddress
string or null

[Conditional] Public facing IP address. Only applicable if Public Facing is set to true.

publicFacingUrls
string or null

[Conditional] Public facing URLs. Only applicable if Public Facing is set to true.

componentType
string or null

[Optional] Type of the hardware asset.

nickname
string or null

[Optional] Nickname of the hardware asset.

assetIpAddress
string or null

[Optional] IP address of the hardware asset.

publicFacing
boolean or null

[Optional] Public facing is defined as any asset that is accessible from a commercial connection.

virtualAsset
boolean or null

[Optional] Determine if this is a virtual hardware asset.

manufacturer
string or null

[Optional] Manufacturer of the hardware asset. Populated with "Virtual" by default if Virtual Asset is true, however this can be overridden.

modelNumber
string or null

[Optional] Model number of the hardware asset. Populated with "Virtual" by default if Virtual Asset is true, however this can be overridden

serialNumber
string or null

[Optional] Serial number of the hardware asset. Populated with "Virtual" by default if Virtual Asset is true, however this can be overridden.

OsIosFwVersion
string or null

[Optional] Operating System, IOS, or Firmware version of the hardware asset.

memorySizeType
string or null

[Optional] Memory size / type of the hardware asset.

location
string or null

[Optional] Location of the hardware asset.

approvalStatus
string or null

[Optional] Approval status of the hardware asset.

criticalAsset
boolean or null

[Optional] Indicates whether the asset is a critical information system asset.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update one or many hardware assets in a system

Updates assets in the Hardware Baseline for given systemId

Request Body Required Fields

  • assetName
  • hardwareId
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for updating hardware baseline assets to an existing System (systemId)

Array
hardwareId
string or null

[Read-Only] GUID identifying the specific hardware asset. Required for a PUT call.

assetName
string

[Required] Name of the hardware asset.

componentType
string or null

[Optional] Type of the hardware asset.

nickname
string or null

[Optional] Nickname of the hardware asset.

assetIpAddress
string or null

[Optional] IP address of the hardware asset.

publicFacing
boolean or null

[Optional] Public facing is defined as any asset that is accessible from a commercial connection.

virtualAsset
boolean or null

[Optional] Determine if this is a virtual hardware asset.

manufacturer
string or null

[Optional] Manufacturer of the hardware asset. Populated with "Virtual" by default if Virtual Asset is true, however this can be overridden.

modelNumber
string or null

[Optional] Model number of the hardware asset. Populated with "Virtual" by default if Virtual Asset is true, however this can be overridden

serialNumber
string or null

[Optional] Serial number of the hardware asset. Populated with "Virtual" by default if Virtual Asset is true, however this can be overridden.

OsIosFwVersion
string or null

[Optional] Operating System, IOS, or Firmware version of the hardware asset.

memorySizeType
string or null

[Optional] Memory size / type of the hardware asset.

location
string or null

[Optional] Location of the hardware asset.

approvalStatus
string or null

[Optional] Approval status of the hardware asset.

criticalAsset
boolean or null

[Optional] Indicates whether the asset is a critical information system asset.

publicFacingFqdn
string or null

[Conditional] Public facing FQDN. Only applicable if Public Facing is set to true.

publicFacingIpAddress
string or null

[Conditional] Public facing IP address. Only applicable if Public Facing is set to true.

publicFacingUrls
string or null

[Conditional] Public facing URLs. Only applicable if Public Facing is set to true.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Delete one or many hardware assets in a system

Remove (delete) one or multiple assets from a system Hardware Baseline

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for deleting one or many Hardware Baseline assets

Array
hardwareId
string

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Software Baseline

The Software Baseline endpoints provide the ability to view, add, update, and remove software assets for a system.

Get software baseline for a system

Returns the software baseline for a system matching the systemId path parameter

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ],
  • "pagination": {}
}

Add one or many software assets in a system

Adds assets to the Software Baseline for given systemId

Request Body Required Fields

  • softwareVendor
  • softwareName
  • version
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for adding software baseline assets to an existing System (systemId)

Array
softwareVendor
string

[Required] Vendor of the software asset.

softwareName
string

[Required] Name of the software asset.

version
string

[Required] Version of the software asset.

approvalDate
integer or null <int64>

[Conditional] Approval date of the software asset. If Approval Status is set to "Unapproved" or "In Progress", Approval Date will be set to null.

softwareType
string or null

[Optional] Type of the software asset.

parentSystem
string or null

[Optional] Parent system of the software asset.

subsystem
string or null

[Optional] Subsystem of the software asset.

network
string or null

[Optional] Network of the software asset.

hostingEnvironment
string or null

[Optional] Hosting environment of the software asset.

softwareDependencies
string or null

[Optional] Dependencies of the software asset.

cryptographicHash
string or null

[Optional] Cryptographic hash of the software asset.

inServiceData
string or null

[Optional] In-service data of the software asset.

itBudgetUii
string or null

[Optional] IT budget UII of the software asset.

fiscalYear
string or null

[Optional] Fiscal year (FY) of the software asset.

popEndDate
integer or null <int64>

[Optional] Period of performance (POP) end date of the software asset.

licenseOrContract
string or null

[Optional] License or contract number of the software asset.

licenseTerm
string or null

[Optional] License term of the software asset.

costPerLicense
number or null <double>

[Optional] Cost per license of the software asset. Number will be converted to display 2 decimal points.

totalLicenses
integer or null <int64>

[Optional] Total licenses of the software asset.

totalLicenseCost
number or null <double>

[Optional] Total license cost of the software asset. Number will be converted to display 2 decimal points.

licensesUsed
integer or null <int64>

[Optional] Number of licenses used for the software asset.

licensePoc
string or null

[Optional] Point of contact (POC) for the software asset.

licenseRenewalDate
integer or null <int64>

[Optional] License renewal date for the software asset.

licenseExpirationDate
integer or null <int64>

[Optional] License expiration date for the software asset.

approvalStatus
string or null

[Optional] Approval status of the software asset.

releaseDate
integer or null <int64>

[Optional] Release date of the software asset.

maintenanceDate
integer or null <int64>

[Optional] Maintenance date of the software asset.

retirementDate
integer or null <int64>

[Optional] Retirement date of the software asset.

endOfLifeSupportDate
integer or null <int64>

[Optional] End of life support date of the software asset.

extendedEndOfLifeSupportDate
integer or null <int64>

[Optional] If set, the Extended End of Life/Support Date cannot occur prior to the End of Life/Support Date.

criticalAsset
boolean or null

[Optional] Indicates whether the asset is a critical information system asset.

location
string or null

[Optional] Location of the software asset.

purpose
string or null

[Optional] Purpose of the software asset.

unsupportedOperatingSystem
boolean or null

[Optional] Unsupported operating system. VA only.

unapprovedSoftwareFromTrm
boolean or null

[Optional] Unapproved software from TRM. VA only

approvedWaiver
boolean or null

[Optional] Approved waiver. VA only

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update one or many software assets in a system

Updates assets in the Software Baseline for given systemId

Request Body Required Fields

  • softwareId
  • softwareVendor
  • softwareName
  • version
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for updating software baseline assets to an existing System (systemId)

Array
softwareId
string or null

[Read-Only] GUID identifying the specific software asset.

softwareVendor
string

[Required] Vendor of the software asset.

softwareName
string

[Required] Name of the software asset.

version
string

[Required] Version of the software asset.

approvalDate
integer or null <int64>

[Conditional] Approval date of the software asset. If Approval Status is set to "Unapproved" or "In Progress", Approval Date will be set to null.

softwareType
string or null

[Optional] Type of the software asset.

parentSystem
string or null

[Optional] Parent system of the software asset.

subsystem
string or null

[Optional] Subsystem of the software asset.

network
string or null

[Optional] Network of the software asset.

hostingEnvironment
string or null

[Optional] Hosting environment of the software asset.

softwareDependencies
string or null

[Optional] Dependencies of the software asset.

cryptographicHash
string or null

[Optional] Cryptographic hash of the software asset.

inServiceData
string or null

[Optional] In-service data of the software asset.

itBudgetUii
string or null

[Optional] IT budget UII of the software asset.

fiscalYear
string or null

[Optional] Fiscal year (FY) of the software asset.

popEndDate
integer or null <int64>

[Optional] Period of performance (POP) end date of the software asset.

licenseOrContract
string or null

[Optional] License or contract number of the software asset.

licenseTerm
string or null

[Optional] License term of the software asset.

costPerLicense
number or null <double>

[Optional] Cost per license of the software asset. Number will be converted to display 2 decimal points.

totalLicenses
integer or null <int64>

[Optional] Total licenses of the software asset.

totalLicenseCost
number or null <double>

[Optional] Total license cost of the software asset. Number will be converted to display 2 decimal points.

licensesUsed
integer or null <int64>

[Optional] Number of licenses used for the software asset.

licensePoc
string or null

[Optional] Point of contact (POC) for the software asset.

licenseRenewalDate
integer or null <int64>

[Optional] License renewal date for the software asset.

licenseExpirationDate
integer or null <int64>

[Optional] License expiration date for the software asset.

approvalStatus
string or null

[Optional] Approval status of the software asset.

releaseDate
integer or null <int64>

[Optional] Release date of the software asset.

maintenanceDate
integer or null <int64>

[Optional] Maintenance date of the software asset.

retirementDate
integer or null <int64>

[Optional] Retirement date of the software asset.

endOfLifeSupportDate
integer or null <int64>

[Optional] End of life support date of the software asset.

extendedEndOfLifeSupportDate
integer or null <int64>

[Optional] If set, the Extended End of Life/Support Date cannot occur prior to the End of Life/Support Date.

criticalAsset
boolean or null

[Optional] Indicates whether the asset is a critical information system asset.

location
string or null

[Optional] Location of the software asset.

purpose
string or null

[Optional] Purpose of the software asset.

unsupportedOperatingSystem
boolean or null

[Optional] Unsupported operating system. VA only.

unapprovedSoftwareFromTrm
boolean or null

[Optional] Unapproved software from TRM. VA only

approvedWaiver
boolean or null

[Optional] Approved waiver. VA only

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Delete one or many software assets in a system

Remove (delete) one or multiple assets from a system Software Baseline

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for deleting one or many Software Baseline assets

Array
softwareId
string

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Device Scan Results

The Device Scan Results endpoint provides the ability to upload device scan results in the assets module for a system.

Add device scans in a system

Request Body Required Field

  • scanType

Scan Type Allow Values:

  • acasAsrArf (.zip)
  • acasNessus
  • disaStigViewerCklCklb (.ckl or .cklb)
  • disaStigViewerCmrs
  • policyAuditor (.zip)
  • scapComplianceChecker

Business Rules

The body of a request through the Device Scan Results POST endpoint accepts a single binary file. Specific file extensions are expected depending upon the scanType parameter. For example, .ckl or .cklb files are accepted when using scanType is set to disaStigViewerCklCklb.

When set to acasAsrArf or policyAuditor, a .zip file is expected which should contain a single scan result (for example, a single pair of .asr and .arf files). Single files are expected for all other scan types as this endpoint requires files to be uploaded consecutively as opposed to in bulk.

Current scan types that are supported:

  • ACAS: ASR/ARF
  • ACAS: NESSUS
  • DISA STIG Viewer: CKL/CKLB
  • DISA STIG Viewer: CMRS
  • Policy Auditor
  • SCAP Compliance Checker
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
scanType
required
string
Default: "disaStigViewerCklCklb"
Enum: "acasAsrArf" "acasNessus" "disaStigViewerCklCklb" "disaStigViewerCmrs" "policyAuditor" "scapComplianceChecker"

Scan Type: The file scan type to upload

isBaseline
boolean
Default: false

Is Baseline: Indicates that the imported file represents a baseline scan that includes all findings and results. Importing as a baseline scan, which assumes a common set of scan policies are used when conducting a scan, will replace a device's findings for a specific Benchmark. Applicable to ASR/ARF scans only.

Request Body schema: multipart/form-data

See Business Rules posted above for file type.

filename
required
string <binary>

The file to upload. Can be a single file or a .zip file.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Cloud Resource Results

The Cloud Resource Results endpoint provides the ability to add, update, and remove cloud resources and their scan results in the assets module for a system.

Add one or many cloud resources and their scan results

Add cloud resources and their scan results in the assets module for a system systemId

Request Body Required Fields

  • provider
  • resourceId
  • resourceName
  • resourceType
  • complianceResults (Object Array)
    • cspPolicyDefinitionId
    • isCompliant
    • policyDefinitionTitle

Example Request Body Required Fields

[
  {
    "provider": "provide name",
    "resourceId": "resource identification",
    "resourceName": "resource name",
    "resourceType": "resource type",
    "complianceResults": [
      {
        "cspPolicyDefinitionId": "CSP policy definition identification",
        "policyDefinitionTitle": "policy definition title",
        "isCompliant": [true or false]
      }
    ]
  }
]
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for adding cloud resources and their scan results

Array
provider
string

[Required] Cloud service provider name

resourceId
string

[Required] Unique identifier/resource namespace for policy compliance result

resourceName
string

[Required] Friendly name of Cloud resource

resourceType
string

[Required] Type of Cloud resource

initiatedBy
string

[Optional] Email of POC

cspAccountId
string

[Optional] System/owner's CSP account ID/number

cspRegion
string

[Optional] CSP region of system

isBaseline
boolean

[Optional] True/false flag for providing results as baseline. If true, all existing compliance results for the resourceId will be replaced by results in the current call

object

[Optional] Informational tags associated to results for other metadata

Array of objects

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove one or many cloud resources in a system

Removes cloud resources and their scan results in the assets module for a system systemId

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Delete the given Cloud Resource Id

Array
resourceId
string

[Required] Unique item identifier

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Container Scan Results

The Container Scan Results endpoint provides the ability to add, update, and remove containers and their scan results in the assets module for a system.

Add one or many containers and their scan results

Add containers and their scan results in the assets module for a system systemId.

Request Body Required Fields

  • containerId
  • containerName
  • time
  • benchmarks (Object Array)
    • benchmark
    • results (Object Array)
      • ruleId
      • status
      • lastSeen

Example Request Body Required Fields

[
  {
    "containerId": "container identification",
    "containerName": "container name",
    "time": Datetime of scan/result (1648217219),
    "benchmarks": [
      {
        "benchmark": "RHEL_8_STIG",
        "results": [
          {
            "ruleId": "rule identification",
            "status": [Pass,Fail,Other,Not Reviewed,Not Checked,Not Applicable],
            "lastSeen": Unix date format (1648217219)
          }, {
            "ruleId": "rule identification",
            "status": [Pass,Fail,Other,Not Reviewed,Not Checked,Not Applicable],
            "lastSeen": Unix date format (1648217219)
          }
        ]
      }
    ]
  }
]
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for adding containers and their scan results

Array
containerId
string

[Required] Unique identifier of the container

containerName
string

[Required] Friendly name of the container

time
integer <int64>

[Required] Datetime of scan/result. Unix date format

podName
string

[Optional] Name of pod (e.g. Kubernetes pod)

podIp
string

[Optional] IP address of pod

namespace
string

[Optional] Namespace of container in container orchestration (e.g. Kubernetes namespace)

object

[Optional] Informational tags associated to results for other metadata

Array of objects

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove one or many containers in a system

Removes container scan resources and their scan results in the assets module for a system systemId

Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Delete the given Container Scan Id

Array
containerId
string

[Required] Unique item identifier

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Static Code Scans

The Static Code Scans endpoint provides the ability to upload application scan findings into a system's assets module. Application findings can also be cleared from the system.

Upload static code scans or Clear static code scans

Upload or clear application scan findings into a system's systemId assets module.

Request Body Required Fields

  • application (Object)
    • applicationName
    • version
  • applicationFindings (Object Array)
    • codeCheckName
    • count
    • scanDate
    • cweId

NOTE: To clear an application's findings, use only the field clearFindings as the Request body and set it to true. Example:

[
  {
    "application": {
      "applicationName": "application name",
      "version": "application version"
    },
    "applicationFindings": [
      { "clearFindings": true }
    ]
  }
]
Authorizations:
(apiKeyuserId) mockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Example request body for adding static code scans or Clear static code scans

object
Array of objects (Static Code Application POST object")

Responses

Request samples

Content type
application/json
{
  • "application": {
    },
  • "applicationFindings": [
    ]
}

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Workflow Definitions

The Workflow Definitions endpoint provides the ability to view all workflow schemas available on the eMASS instance. Every transition for each workflow stage is included.

Get workflow definitions in a site

View all workflow schemas available on the eMASS instance filtered by status includeInactive and registration type registrationType.

Authorizations:
(apiKeyuserId) mockType
query Parameters
includeInactive
boolean
Default: true

Include Inactive: If no value is specified, the default returns false to not include outdated workflow definitions.

registrationType
string
Default: "regular"

Registration Type: Filter record by selected registration type (single value or comma delimited values).

Valid Options Are: assessAndAuthorize, assessOnly, guest, regular, functional, cloudServiceProvider, commonControlProvider, authorizationToUse, reciprocityAcceptanc

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Workflow Instances

The Workflow Instances endpoint provides the ability to view detailed information on all active and historical workflows for an eMASS instance.

Get workflow instances in a site

View detailed information on all active and historical workflows filtered by provided parameters.

Authorizations:
(apiKeyuserId) mockType
query Parameters
includeComments
boolean
Default: true

Include Comments: If no value is specified, the default returns true to not include transition comments. Note: Corresponds to the Comments textbox that is required at most workflow transitions. Does not include other text input fields such as Terms / Conditions for Authorization.

includeDecommissionSystems
boolean
Default: false

Include Decommission Systems: If no value is specified, the default returns false to exclude decommissioned systems.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0. Note: Pages contain 1000 workflow instances.

sinceDate
string
Example: sinceDate=1638764040

Date: Filter on authorization/assessment date (Unix date format). Note: Filters off the lastEditedDate field. Note: The authorization/assessment decisions on completed workflows can be edited for up to 30 days after the initial decision is made.

status
string
Default: "all"
Enum: "active" "inactive" "all"

Status: Filter by status. If no value is specified, the default returns all to include both active and inactive workflows. Note: Any workflows at a current stage of Complete or Cancelled are inactive. Ongoing workflows currently at other stages are active.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ],
  • "pagination": {}
}

Get workflow instance by ID

View detailed historical workflow information for workflowInstanceId.

Authorizations:
(apiKeyuserId) mockType
path Parameters
workflowInstanceId
required
integer
Example: 123

Workflow Instance Id: The unique workflow definition identifier.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

CMMC Assessments

The Cybersecurity Maturity Model Certification (CMMC) Assessments endpoint provides the ability to view CMMC assessment information. It is available to CMMC eMASS only.

Get CMMC assessment information

Get all CMMC assessment after the given date sinceDate parameter. It is available to CMMC eMASS only.

Authorizations:
(apiKeyuserId) mockType
query Parameters
sinceDate
required
string
Example: sinceDate=1638764040

Date CMMC date (Unix date format)

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Dashboards

The Dashboards endpoints provide the ability to view data contained in dashboard exports. In the eMASS frontend, these dashboard exports are generated as Excel exports.

Each dashboard dataset available from the API is automatically updated with the current configuration of the dashboard and the instance of eMASS as the dashboard changes.

Organization-specific fields may differ. Organization-specific Dashboards should only be used by that organization (e.g., VA [dashboard name] should be used by VA).

System Status Dashboard

Dashboard about systems status details

System Status Details

Get systems status detail dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Terms/Conditions Dashboards

System Terms Conditions Summary

Get systems terms conditions summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Terms Conditions Details

Get systems terms conditions details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Connectivity/CCSD Dashboards

System Connectivity/CCSD Summary

Get systems connectivity/CCSD summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Connectivity/CCSD Details

Get systems connectivity/CCSD details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System ATC/IATC Dashboard

System ATC/IATC Details

Get systems ATC/IATC details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Questionnaire Dashboards

System Questionnaire Summary

Get systems questionnaire summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Questionnaire Details

Get systems questionnaire details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Workflows Dashboards

System Workflows History Summary

Get systems workflow history summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Workflows History Details

Get systems workflow history details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Workflows History Stage Details

Get systems workflow history stage details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Security Controls Dashboards

System Control Compliance Summary

Get systems control compliance summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Control Compliance Details

Get systems security control details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Assessment Procedures Details

Get systems assessment procedures details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System POA&M Dashboards

System POA&M Summary

Get systems POA&Ms summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System POA&M Details

Get system POA&Ms details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Artifacts Dashboards

System Artifacts Summary

Get system Artifacts summary information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Artifacts Details

Get system Artifacts details information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Hardware Dashboards

System Hardware Summary

Get system hardware summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Hardware Details

Get system hardware details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Sensor Hardware Dashboards

System Sensor Hardware Summary

Get system sensor hardware summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Sensor Hardware Details

Get system sensor hardware details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Software Dashboards

System Software Summary

Get system software summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Software Details

Get system software details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Sensor Software Dashboards

System Sensor Software Summary

Get system sensor software summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Sensor Software Details

Get system sensor hardsoftwareware details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Sensor Software Counts

Get system sensor hardsoftwareware count dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Critical Assets Dashboard

System Critical Assets Summary

Get system critical assets summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Vulnerability Dashboard

System Vulnerability Summary

Get system vulnerability summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Device Findings Dashboards

System Device Findings Summary

Get system device findings summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Device Findings Details

Get ssystem device findings details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Application Findings Dashboards

System Application Findings Summary

Get system application findings summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Application Findings Details

Get system application findings details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Ports/Protocols Dashboards

System Ports/Protocols Summary

Get system ports and protocols summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Ports/Protocols Details

Get system ports and protocols details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System CONMON Integration Status Dashboard

System CONMON Integration Status

Get system CONMON integration status dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Associations Dashboard

System Associations Details

Get system associations details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

User System Assignments Dashboard

User System Assignments Details

Get user system assignments details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

Organization Migration Status Dashboard

Organization Migration Status Summary

Get organization migration status summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Migration Status Dashboard

System Migration Status Summary

Get system migration status summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System FISMA Metrics Dashboard

System FISMA Metrics

Get system FISMA metrics dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

Coast Guard System FISMA Metrics Dashboard

Coast Guard System FISMA Metrics

Get Coast Guard system FISMA metrics dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

System Privacy Dashboard

System Privacy Summary

Get user system privacy summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA OMB FISMA Dashboard

VA OMB FISMA SAOP Summary

Get VA OMB-FISMA SAOP summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA System Dashboards

VA System ICAMP Tableau POAM Details

Get VA system ICAMP Tableau POAM details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA System A&A Summary

Get VA system A&A summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA System A2.0 Summary

Get VA system A2.0 summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA System P.L. 109 Reporting Summary

Get VA system P.L. 109 reporting summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA System FISMA Inventory Summary

Get VA system FISMA inventory summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA System FISMA Inventory Crypto Summary

Get VA system FISMA inventory crypto summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA System Threat Risks Summary

Get VA system threat risk summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA System Threat Sources Details

Get VA system threat source details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

VA System Threat Architecture Details

Get VA system threat architecture details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

CMMC Assessment Dashboards

CMMC Assessment Status Summary

Get CMMC assessment status summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

CMMC Assessment Requirements Compliance Summary

Get CMMC assessment requirements compliance summary dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

CMMC Assessment Security Requirements Details

Get CMMC assessment security requirements details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}

CMMC Assessment Requirement Objectives Details

Get CMMC assessment requirement objectives details dashboard information.

Authorizations:
(apiKeyuserId) mockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{}