Documentation Powered by ReDoc

Enterprise Mission Assurance Support Service (eMASS) (v3.12)

Download OpenAPI specification:Download

eMASS Tier III support: disa.meade.id.mbx.emass-tier-iii-support@mail.mil URL: https://www.dcsa.mil/is/emass/

The Enterprise Mission Assurance Support Service (eMASS) Representational State Transfer (REST) Application Programming Interface (API) enables users to perform assessments and complete actions associated with system records.

Register External Application (that use the eMASS API)
New users will need to register an API key with the eMASS development team prior to accessing the site for the first time. The eMASS REST API requires a client certificate (SSL/TLS, DoD PKI only). Use the Registration POST endpoint to register the client certificate. The endpoint returns the user api-key.

Every call to the eMASS REST API will require the use of the agreed upon public key certificate and API key. The API key must be provided in the request header for all endpoint calls (api-key). If the service receives an untrusted certificate or API key, a 401 error response code will be returned along with an error message.

Available Request Headers

key Example Value Description
`api-key` api-key-provided-by-emass This API key must be provided in the request header for all endpoint calls
`user-uid` USER.UID.KEY This User unique identifier key must be provided in the request header for all PUT, POST, and DELETE endpoint calls
Note: For DoD users this is the DoD ID Number (EIDIPI) on their DoD CAC


Approve API Client for Actionable Requests
Users are required to log-in to eMASS and grant permissions for a client to update data within eMASS on their behalf. This is only required for actionable requests (PUT, POST, DELETE). The Registration Endpoint and all GET requests can be accessed without completing this process with the correct permissions. Please note that leaving a field parameter blank (for PUT/POST requests) has the potential to clear information in the active eMASS records.

To establish an account with eMASS and/or acquire an api-key/user-uid, contact one of the listed POC:

eMASS New User Registration (requires CAC authentication)

Authentication

apiKey

The API key must be provided in the request header for all eMASS endpoint calls.

For connecting to a mock server, any value is acceptable, e.g., 123

Security Scheme Type API Key
Header parameter name: api-key

userId

This User unique identifier key must be provided in the request header for all PUT, POST, and DELETE endpoint calls.
Note: For DoD users this is the DoD ID Number (EIDIPI) on their DoD CAC.

For connecting to a mock server, any value is acceptable, e.g., 123

Security Scheme Type API Key
Header parameter name: user-uid

mockType

This header parameter is ony utilized when interacting with the mock server.
Options are (enter in the Value textbox):

  • For random response values code=200, dynamic=true
  • For static response values code=200
Security Scheme Type API Key
Header parameter name: Prefer

Test

The Test Connection endpoint provides the ability to verify connection to the web service.

Test connection to the API

Tests the endpoint connection

Authorizations:
apiKeyuserIdmockType

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

Registration

The Registration endpoint provides the ability to register a certificate & obtain an API-key.

Register user certificate and obtain an API key

Returns the API Key (api-key) that must be provided in the request header for all endpoint calls.

Authorizations:
apiKeyuserIdmockType

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

Systems

The Systems endpoints provide the ability to view system information.

Notes

  • If a system is dual-policy enabled, the returned system details default to the RMF policy information unless otherwise specified for an individual system.
  • Certain fields are instance specific and may not be returned in GET request.

Get system information

Returns all system(s) that match the query parameters

Authorizations:
apiKeyuserIdmockType
query Parameters
coamsId
string

COAMS ID: Filter query by Cyber Operational Attributes Management System (COAMS).

ditprId
string

DITPR ID: Filter query by DoD Information Technology (IT) Portfolio Repository (DITPR).

includeDecommissioned
boolean
Default: true

Include Decommissioned Systems: Indicates if decommissioned systems are retrieved.

If no value is specified, the default returns true to include decommissioned systems.

includeDitprMetrics
boolean
Default: false

Include DITPR: Indicates if DITPR metrics are retrieved.

This query string parameter cannot be used in conjunction with the following parameters:

  • includePackage
  • ditprId
  • coamsId

If no value is specified, the default returns false to not include DITPR Metrics.

includePackage
boolean
Default: false

Include Package: Indicates if additional packages information are retrieved for queried system.

If no value is specified, the default returns false to not include package information

policy
string
Default: "rmf"
Enum: "diacap" "rmf" "reporting"

System Policy: Filter query by system policy.

If no value is specified, the default returns RMF policy information for dual-policy systems.

registrationType
string
Default: "regular"

Registration Type: Filter record by selected registration type (single value or comma delimited values).

Available values: assessAndAuthorize, assessOnly, guest, regular, functional, cloudServiceProvider, commonControlProvider

reportsForScorecard
boolean
Default: true

DoD Cyber Hygiene Scorecard: Used to filter results to only return systems that report to the DoD Cyber Hygiene Scorecard.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Get system information for a specific system

Returns the system matching provided parameters

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
includePackage
boolean
Default: false

Include Package: Indicates if additional packages information are retrieved for queried system.

If no value is specified, the default returns false to not include package information

policy
string
Default: "rmf"
Enum: "diacap" "rmf" "reporting"

System Policy: Filter query by system policy.

If no value is specified, the default returns RMF policy information for dual-policy systems.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

System Roles

The System Roles endpoints provides the ability to access user data assigned to systems.

Notes:

  • The endpoint can access three different role categories: PAC, CAC, and Other.
  • If a system is dual-policy enabled, the returned system role information will default to the RMF policy information unless otherwise specified.

Get available roles

Returns all available roles

Authorizations:
apiKeyuserIdmockType

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Get system roles

Returns the role(s) data matching parameters.

Authorizations:
apiKeyuserIdmockType
path Parameters
roleCategory
required
string
Default: "PAC"
Enum: "CAC" "PAC" "Other"

Role Category: The system role category been queried

query Parameters
role
required
string
Default: "IAO"

Role: Accepts single value from options available at base system-roles endpoint e.g., SCA.

policy
string
Default: "rmf"
Enum: "diacap" "rmf" "reporting"

System Policy: Filter query by system policy.

If no value is specified, the default returns RMF policy information for dual-policy systems.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Controls

The Controls endpoints provide the ability to view, add, and update Security Control information to a system for both the Implementation Plan and Risk Assessment.

Get control information in a system for one or many controls

Returns system control information for matching systemId path parameter

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
acronyms
string
Default: "PM-6"

Acronym: The system acronym(s) being queried (single value or comma delimited values).

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update control information in a system for one or many controls

Update a Control for given systemId

Request Body Required Fields

  • acronym
  • responsibleEntities
  • controlDesignation
  • estimatedCompletionDate
  • implementationNarrative

The following optional fields (plus the Request Body Required Fields) are required based on the Implementation Status implementationStatus value
| Value | Required Fields |--------------------------|--------------------------------------------------- | Planned or Implemented | slcmCriticality, slcmFrequency, slcmMethod, slcmReporting, slcmTracking, slcmComments | Not Applicable | naJustification | Manually Inherited | commonControlProvider, slcmCriticality, slcmFrequency, slcmMethod, slcmReporting, slcmTracking, slcmComments

If the Implementation Status implementationStatus value is Inherited, only the following fields can be updated:

  • controlDesignation
  • commonnControlProvider

NOTES:

  • Implementation Plan information cannot be saved if the these fields exceed 2,000 character limits:
    • naJustification,responsibleEntities,implementationNarrative,slcmCriticality
    • slcmFrequency,slcmMethod,slcmReporting,slcmTracking,slcmComments
  • Implementation Plan information cannot be updated if Security Control does not exist in the system record.
Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Update an existing control by Id

Array
acronym
string

[Required] Required to match the NIST SP 800-53 Revision 4.

responsibleEntities
string

[Required] Include written description of Responsible Entities that are responsible for the Security Control. Character Limit = 2,000.

implementationStatus
string

[Optional] Implementation Status of the Security Control for the information system.

commonControlProvider
string

[Conditional] Indicate the type of Common Control Provider for an “Inherited” Security Control.

naJustification
string

[Conditional] Provide justification for Security Controls deemed Not Applicable to the system.

controlDesignation
string

[Required] Control designations

testMethod
string

[Optional] Identifies the assessment method / combination that will determine if the security requirements are implemented correctly.

estimatedCompletionDate
integer

[Required] Field is required for Implementation Plan.

implementationNarrative
string

[Required] Includes security control comments. Character Limit = 2,000.

slcmCriticality
string

[Conditional] Criticality of Security Control regarding SLCM. Character Limit = 2,000.

slcmFrequency
string

[Conditional] SLCM frequency

slcmMethod
string

[Conditional] SLCM method utilized

slcmReporting
string

[Conditional] Method for reporting Security Control for SLCM. Character Limit = 2,000.

slcmTracking
string

[Conditional] How Non-Compliant Security Controls will be tracked for SLCM. Character Limit = 2,000.

slcmComments
string

[Conditional] Additional comments for Security Control regarding SLCM. Character Limit = 4,000.

severity
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

vulnerabiltySummary
string

[Optional] Include vulnerability summary. Character Limit = 2,000.

recommendations
string

[Optional] Include recommendations. Character Limit = 2,000.

relevanceOfThreat
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

likelihood
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impact
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impactDescription
string

[Optional] Include description of Security Control's impact.

residualRiskLevel
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Test Results

The Test Results endpoints provide the ability to view and add test results for a system's Assessment Procedures which determine Security Control compliance.

Get one or many test results in a system

Returns system test results information for matching parameters.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
controlAcronyms
string

Control Acronym: Filter query by given system acronym (single value or comma separated).

assessmentProcedures
string

Assessment Procedure: Filter query by given Security Control Assessment Procedure (single value or comma separated).

ccis
string

CCI System: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).

latestOnly
boolean
Default: true

Latest Results Only: Indicates that only the latest test resultes are retrieved.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Add one or many test results in a system

Adds test results for given systemId

Request Body Required Fields

  • testedBy
  • testDate
  • description
  • complianceStatus
  • assessmentProcedure
Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Add test results to a system (systemId)

Array
testedBy
string

[Required] Last Name, First Name. 100 Characters.

testDate
integer <int64>

[Required] Unix time format.

description
string

[Required] Include description of test result. 4000 Characters.

complianceStatus
string

[Required] Test result compliance status

assessmentProcedure
string

[Required] The Security Control Assessment Procedure being assessed.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

POAM

The POA&Ms endpoints provide the ability to view, add, update, and remove Plan of Action and Milestones (POA&M) items and associated milestones for a system.

Get one or many POA&M items in a system

Returns system(s) containing POA&M items for matching parameters.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
scheduledCompletionDateStart
string

Date Started: Filter query by the scheduled completion start date (Unix date format).

scheduledCompletionDateEnd
string

Date Ended: Filter query by the scheduled completion start date (Unix date format).

controlAcronyms
string

Control Acronym: Filter query by given system acronym (single value or comma separated).

assessmentProcedures
string

Assessment Procedure: Filter query by given Security Control Assessment Procedure (single value or comma separated).

ccis
string

CCI System: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).

systemOnly
boolean
Default: true

Systems Only: Indicates that only system(s) information is retrieved.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Add one or many POA&M items in a system

Add a POA&M for given systemId

Request Body Required Fields

  • status
  • vulnerabilityDescription
  • sourceIdentVuln
  • pocOrganization
  • resources

Note
If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are required within the request.
pocFirstName, pocLastName, pocPhoneNumber

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Add POA&M(s) to a system (systemID)

Array
status
string
Enum: "Ongoing" "Risk Accepted" "Completed" "Not Applicable"

[Required] Values include the following: (Ongoing,Risk Accepted,Completed,Not Applicable

vulnerabilityDescription
string

[Required] Provide a description of the POA&M Item. 2000 Characters.

sourceIdentVuln
string

[Required] Include Source Identifying Vulnerability text. 2000 Characters.

pocOrganization
string

[Required] Organization/Office represented. 100 Characters.

resources
string

[Required] List of resources used. 250 Characters.

pocFirstName
string

[Required] First name of POC. 100 Characters.

pocLastName
string

[Required] Last name of POC. 100 Characters.

pocEmail
string

[Required] Email address of POC. 100 Characters.

pocPhoneNumber
string

[Required] Phone number of POC (area code) -* format. 100 Characters.

externalUid
string

[Optional] Unique identifier external to the eMASS application for use with associating POA&Ms. 100 Characters.

controlAcronym
string

[Optional] Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined.

cci
string

[Optional] CCI associated with POA&M.

assessmentProcedure
string

[Optional] The Security Control Assessment Procedure being associated with the POA&M Item.

securityChecks
string

[Optional] Security Checks that are associated with the POA&M.

rawSeverity
string
Enum: "I" "II" "III"

[Optional] Values include the following options (I,II,III)

relevanceOfThreat
string
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

likelihood
string
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impact
string
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impactDescription
string

[Optional] Include description of Security Control’s impact.

residualRiskLevel
string
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

recommendations
string

[Optional] Include recommendations. Character Limit = 2,000.

mitigation
string

[Optional] Include mitigation explanation. 2000 Characters.

severity
string
Enum: "Very Low" "Low" "Moderate" "High" "Very High"

[Conditional] Required for approved items. Values include the following options: (Very Low, Low, Moderate,High,Very High)

scheduledCompletionDate
integer or null <int64>

[Conditional] Required for ongoing and completed POA&M items. Unix time format.

comments
string

[Conditional] Field is required for completed and risk accepted POA&M items. 2000 Characters

completionDate
integer <int64>

[Conditional] Field is required for completed POA&M items. Unix time format.

Array of objects (Milestones)

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update one or many POA&M items in a system

Update a POA&M for given systemId

Request Body Required Fields

  • poamId
  • displayPoamId
  • status
  • vulnerabilityDescription
  • sourceIdentVuln
  • pocOrganization
  • reviewStatus

Notes

  • If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are required within the request.
    pocOrganization, pocFirstName, pocLastName, pocEmail, pocPhoneNumber

  • To prevent uploading duplicate/undesired milestones through the POA&M PUT we must include an isActive field for the milestone and set it to equal to false (isActive=false).

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Update an existing control by Id

Array
poamId
integer <int64>

[Required] Unique item identifier

displayPoamId
integer <int64>

[Required] Globally unique identifier for individual POA&M Items, seen on the front-end as “ID”.

status
string
Enum: "Ongoing" "Risk Accepted" "Completed" "Not Applicable"

[Required] The POA&M status

vulnerabilityDescription
string

[Required] Provide a description of the POA&M Item. 2000 Characters.

sourceIdentVuln
string

[Required] Include Source Identifying Vulnerability text. 2000 Characters.

pocOrganization
string

[Required] Organization/Office represented. 100 Characters.

resources
string

[Required] List of resources used. 250 Characters.

externalUid
string

[Optional] Unique identifier external to the eMASS application for use with associating POA&Ms. 100 Characters.

controlAcronym
string

[Optional] Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined.

cci
string

CCI associated with POA&M.

assessmentProcedure
string

[Optional] The Security Control Assessment Procedure being associated with the POA&M Item.

securityChecks
string

[Optional] Security Checks that are associated with the POA&M.

rawSeverity
string

[Optional] Values include the following options (I,II,III)

relevanceOfThreat
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

likelihood
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impact
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

impactDescription
string

[Optional] Include description of Security Control's impact.

residualRiskLevel
string

[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)

recommendations
string

[Optional] Include recommendations. Character Limit = 2,000.

mitigation
string

[Optional] Include mitigation explanation. 2000 Characters.

pocFirstName
string

[Conditional] First name of POC. 100 Characters.

pocLastName
string

[Conditional] Last name of POC. 100 Characters.

pocEmail
string

[Conditional] Email address of POC. 100 Characters.

pocPhoneNumber
string

[Conditional] Phone number of POC (area code) -* format. 100 Characters.

severity
string

[Conditional] Required for approved items. Values include the following options: (Very Low, Low, Moderate,High,Very High)

scheduledCompletionDate
integer or null <int64>

[Conditional] Required for ongoing and completed POA&M items. Unix time format.

completionDate
integer <int64>

[Conditional] Field is required for completed POA&M items. Unix time format.

comments
string

[Conditional] Field is required for completed and risk accepted POA&M items. 2000 Characters

isActive
boolean

[Conditional] Optionally used in PUT to delete milestones when updating a POA&M.

Array of objects (Milestones)

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove one or many POA&M items in a system

Remove the POA&M matching systemId path parameter and poamId Request Body

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Delete the given POA&M Id

Array
poamId
integer <int64>

[Required] Unique item identifier

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Get POA&M item by ID in a system

Returns system(s) containing POA&M items for matching parameters.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

Milestones

The Milestones endpoints provide the ability to view, add, update, and remove milestones that are associated with Plan of Action and Milestones (POA&M) items for a system.

Get milestones in one or many POA&M items in a system

Returns system containing milestones for matching parameters.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

query Parameters
scheduledCompletionDateStart
string

Date Started: Filter query by the scheduled completion start date (Unix date format).

scheduledCompletionDateEnd
string

Date Ended: Filter query by the scheduled completion start date (Unix date format).

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Add milestones to one or many POA&M items in a system

Adds a milestone for given systemId and poamId path parameters

Request Body Required Fields

  • description
  • scheduledCompletionDate
Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

Request Body schema: application/json

Add milestones to an existing system poam

Array
description
string

[Required] Provide a description of the milestone.

scheduledCompletionDate
integer <int64>

[Required] Unix date format.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update one or many POA&M items in a system

Updates a milestone for given systemId and poamId path parameters

Request Body Required Fields

  • milestoneId
  • description
  • scheduledCompletionDate
Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

Request Body schema: application/json

Update milestones for an existing system poam

Array
milestoneId
integer <int64>

[Required] Unique milestone identifier.

description
string

[Required] Provide a description of the milestone.

scheduledCompletionDate
integer <int64>

[Required] Unix date format.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove milestones in a system for one or many POA&M items

Remove the POA&M matching systemId and poamId for path parameters and milstoneId provide in the Requst Body

Notes
To delete a milestone the record must be inactive by having the field isActive set to false (isActive=false).

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

Request Body schema: application/json

Delete the given Milestone Id

Array
milestoneId
integer <int64>

[Required] Unique item identifier

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Get milestone by ID in POA&M item in a system

Returns systems containing milestones for matching parameters.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

poamId
required
integer
Example: 45

POA&M Id: The unique POA&M record identifier.

milestoneId
required
integer
Example: 77

Milestone Id: The unique milestone record identifier.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

Artifacts

The Artifacts endpoints provide the ability to view, add, update, and remove artifacts (supporting documentation/evidence) and associated files for a system.

Get one or many artifacts in a system

Returns selected artifacts matching parameters to include the file name containing the artifacts.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
filename
string
Example: filename=ArtifactsExporFile.pdf

File Name: The file name (to include file-extension).

controlAcronyms
string

Control Acronym: Filter query by given system acronym (single value or comma separated).

assessmentProcedures
string

Assessment Procedure: Filter query by given Security Control Assessment Procedure (single value or comma separated).

ccis
string

CCI System: Filter query by Control Correlation Identifiers (CCIs) (single value or comma separated).

systemOnly
boolean
Default: true

Systems Only: Indicates that only system(s) information is retrieved.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Add one or many artifacts in a system

Information
The body of a request through the Artifacts POST endpoint accepts a single binary file. Two Artifact POST methods are currently accepted: individual and bulk. Filename uniqueness within an eMASS system will be enforced by the API for both methods.

For POST requests that should result in a single artifact, the request should include the file.

For POST requests that should result in the creation of many artifacts, the request should include a single file with the extension ".zip" only and the parameter isBulk should be set to true. This .zip file should contain one or more files corresponding to existing artifacts or new artifacts that will be created upon successful receipt.

Upon successful receipt of one or many artifacts, if a file is matched via filename to an artifact existing within the application, the file associated with the artifact will be updated. If no artifact is matched via filename to the application, a new artifact will be created with the following default values. Any values not specified below will be null

  • isTemplate: false
  • type: Other
  • category: Evidence
To update values other than the file itself, please submit a PUT request.

Business Rules
Artifact cannot be saved if the fields below exceed the following character limits:

  • Filename - 1,000 characters
  • Name - 100 characters
  • Description - 10,000 characters
  • Reference Page Number - 50 characters
Artifact cannot be saved if the file does not have an allowable file extension/type: 
.docx,.doc,.txt,.rtf,.xfdl,.xml,.mht,.mh,tml,.html,.htm,.pdf,.mdb,.accdb,.ppt,
.pptx,.xls,.xlsx,.csv,.log,.jpeg,.jpg,.tiff,.bmp,.tif,.png,.gif,.zip,.rar,.msg,
.vsd,.vsw,.vdx,.z{#},.ckl,.avi,.vsdx

Artifact version cannot be saved if an Artifact with the same file name (filename) already exist in the system.

Artifact cannot be saved if the file size exceeds 30MB.

Artifact cannot be saved if the following fields are missing data:

  • Filename (filename)
  • Type (type)
  • Category (category)

Artifact cannot be saved if the Last Review Date (lastReviewedDate) is set in the future.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
isBulk
boolean
Default: false

Is Bulk: If no value is specified, the default is false, and an individual artifact file is expected.

When set to true, a .zip file is expected which can contain multiple artifact files"

Request Body schema: multipart/form-data

See Information posted above for additional instructions

isTemplate
boolean
type
string
Enum: "Procedure" "Diagram" "Policy" "Labor" "Document" "Image" "Other" "Scan Result" "Auditor Report"
category
string
Enum: "Implementation Guidance" "Evidence"
Zipper
required
string <binary>

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Update one or many artifacts in a system

Updates an artifact for given systemId path parameter

Request Body Required Fields

  • filename
  • isTemplate
  • type
  • category

Information
The PUT request will replace all existing data with the field/value combinations included in the request body.

If any fields are not included, the absent fields will become null.

The fields name and isTemplate are non-nullable fields. If not specified in the PUT command they will default to the following:

  • name=filename
  • isTemplate=false

Also, note that one-to-many fields (controls and ccis) will also be replaced with the values specified in the PUT.

If existing control or cci mappings exist in eMASS, the values in the PUT will not append, but rather replace all existing control and cci mappings with the values in the request body.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

See information above for additional instructions

Array
filename
string

[Required] File name should match exactly one file within the provided zip file. 1000 Characters.

isTemplate
boolean

[Required] Indicates it is an artifact template.

type
string

[Required] Artifact type options

category
string

[Required] Artifact category options

name
string or null

[Optional] Artifact name. Character Limit = 100.

description
string

[Optional] Artifact description. 10,000 Characters.

referencePageNumber
string

[Optional] Artifact reference page number. 50 Characters.

controls
string or null

[Optional] Control acronym associated with the artifact. NIST SP 800-53 Revision 4 defined.

assessmentProcedures
string

[Optional] The Security Control Assessment Procedure being associated with the artifact.

expirationDate
integer or null <int64>

[Optional] Date Artifact expires and requires review. In Unix Date format.

lastReviewedDate
integer or null <int64>

[Optional] Date Artifact was last reviewed. Unix time format.

signedDate
integer or null <int64>

[Optional] Date artifact was signed. Unix time format.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove one or many artifacts in a system

Remove the Artifact(s) matching systemId path parameter and request body artifact(s) file name

Note: Multiple files can be deleted by providing multiple file names at the CL (comma delimited)

Example: --files file1.txt, file2.txt

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Delete artifact files for the given System Id

Array
filename
string

[Required] File name should match exactly one file within the provided zip file. 1000 Characters.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Artifacts Export

The Artifacts Export endpoint provides the ability to download artifact files for a system.

Get the file of an artifact in a system

Sample Responce
Binary file associated with given filename.
If compress parameter is specified, zip archive of binary file associated with given filename.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
filename
required
string
Example: filename=ArtifactsExporFile.pdf

File Name: The file name (to include file-extension).

compress
boolean
Default: true

Compress File: Determines if returned file is compressed.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    }
}

CAC

The Control Approval Chain (CAC) endpoints provide the ability to view the status of Security Controls and submit them to the second stage in the Control Approval Chain.

Notes:

  • POST requests will only yield successful results if the Security Control is at the first stage of the CAC. If the control is not at the first stage, an error will be returned.

Get location of one or many controls in CAC

Returns the location of a system's package in the Control Approval Chain (CAC) for matching systemId path parameter

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

query Parameters
controlAcronyms
string

Control Acronym: Filter query by given system acronym (single value or comma separated).

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Submit control to second role of CAC

Request Body Required Fields

  • controlAcronym
  • comments

Notes:

  • Comments comments are not required at the first role of the CAC but are required at the second role of the CAC. Comments cannot exceed 10,000 characters.

  • POST requests will only yield successful results if the control is currently sitting at the first role of the CAC. If the control is not currently sitting at the first role, then an error will be returned.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Add control(s) to second role of CAC

Array
controlAcronym
string

[Required] System acronym name.

comments
string

[Conditional] Control Approval Chain comments - 2000 Characters.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

PAC

The Package Approval Chain (PAC) endpoints provide the ability to view the status of existing workflows and initiate new workflows for a system.

Notes:

  • If the indicated system has any active workflows, the response will include information such as the workflow type and the current stage of each workflow.
  • If there are no active workflows, then a null data member will be returned.

Get status of active workflows in a system

Returns the location of a system's package in the Package Approval Chain (PAC) for matching systemId path parameter

Notes:

  • If the indicated system has any active workflows, the response will include information such as the workflow type and the current stage of each workflow.

  • If there are no active workflows, then a null data member will be returned.

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Initiate system workflow for review

Adds a Package Approval Chain (PAC) for given systemId path parameter

Request Body Required Fields

  • workflow
  • name
  • comments
Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Add system package to PAC for review

Array
workflow
string

[Required] The PAC workflow

name
string

[Required] Package name. 100 Characters.

comments
string

[Required] Character Limit = 4,000.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

CMMC Assessments

The Cybersecurity Maturity Model Certification (CMMC) Assessments endpoint provides the ability to view CMMC assessment information. It is available to CMMC eMASS only.

Get CMMC assessment information

Get all CMMC assessment after the given date sinceDate parameter. It is available to CMMC eMASS only.

Authorizations:
apiKeyuserIdmockType
query Parameters
sinceDate
required
string
Example: sinceDate=1638764040

Date CMMC date (Unix date format)

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Static Code Scans

The Static Code Scans endpoint provides the ability to upload application scan findings into a system's assets module. Application findings can also be cleared from the system.

Upload static code scans or Clear static code scans

Upload or clear application scan findings into a system's systemId assets module.

Request Body Required Fields

  • Application Object (application)
    • applicationName
    • version
  • Application Findings Object Array (applicationFindings)
    • codeCheckName
    • count
    • scanDate
    • cweId

Note: To clear an application's findings, use only the field clearFindings as the Request body and set it to true. Example: 

[ 
  { 
    "application": { 
      "applicationName": "application name", 
      "version": "application version" 
    }, 
    "applicationFindings": [ 
      { "clearFindings": true } 
    ] 
  } 
]
Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Add static code scans or Clear static code scans

object
Array of objects (Static Code Application POST object")

Responses

Request samples

Content type
application/json
{
  • "application": {
    },
  • "applicationFindings": [
    ]
}

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Workflow Definitions

The Workflow Definitions endpoint provides the ability to view all workflow schemas available on the eMASS instance. Every transition for each workflow stage is included.

Get workflow definitions in a site

View all workflow schemas available on the eMASS instance filtered by status includeInactive and registration type registrationType.

Authorizations:
apiKeyuserIdmockType
query Parameters
includeInactive
boolean
Default: true

Include Inactive: If no value is specified, the default returns false to not include outdated workflow definitions.

registrationType
string
Default: "regular"

Registration Type: Filter record by selected registration type (single value or comma delimited values).

Available values: assessAndAuthorize, assessOnly, guest, regular, functional, cloudServiceProvider, commonControlProvider

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Workflow Instances

The Workflow Instances endpoint provides the ability to view detailed information on all active and historical workflows for an eMASS instance.

Get workflow instances in a site

View detailed information on all active and historical workflows filtered by provided parameters.

Authorizations:
apiKeyuserIdmockType
query Parameters
includeComments
boolean
Default: true

Include Comments: If no value is specified, the default returns true to not include transition comments.

Note: Corresponds to the Comments textbox that is required at most workflow transitions. Does not include other text input fields such as Terms / Conditions for Authorization.

includeDecommissionSystems
boolean
Default: false

Include Decommission Systems: If no value is specified, the default returns false to exclude decommissioned systems.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

Note: Pages contain 1000 workflow instances.

sinceDate
string
Example: sinceDate=1638764040

Date: Filter on authorization/assessment date (Unix date format).

Note: Filters off the lastEditedDate field.

Note: The authorization/assessment decisions on completed workflows can be edited for up to 30 days after the initial decision is made.

status
string
Default: "all"
Enum: "active" "inactive" "all"

Status: Filter by status.

If no value is specified, the default returns all to include both active and inactive workflows.

Note: Any workflows at a current stage of Complete or Cancelled are inactive. Ongoing workflows currently at other stages are active.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ],
  • "pagination": {}
}

Get workflow instance by ID

View detailed historical workflow information for workflowInstanceId.

Authorizations:
apiKeyuserIdmockType
path Parameters
workflowInstanceId
required
integer
Example: 123

Workflow Instance Id: The unique workflow definition identifier.

Responses

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": {
    }
}

Cloud Resource Results

The Cloud Resource Results endpoint provides the ability to add, update, and remove cloud resources and their scan results in the assets module for a system.

Add one or many cloud resources and their scan results

Add cloud resources and their scan results in the assets module for a system systemId

Request Body Required Fields

  • provider
  • resourceId
  • resourceName
  • resourceType
  • Compliance Results Object Array complianceResults
    • cspPolicyDefinitionId
    • isCompliant
    • policyDefinitionTitle

Example Request Body Required Fields

[ 
  { 
    "provider": "provide name",
    "resourceId": "resource identification",
    "resourceName": "resource name",
    "resourceType": "resource type",
    "complianceResults": [ 
      { 
        "cspPolicyDefinitionId": "CSP policy definition identification",
        "policyDefinitionTitle": "policy definition title",
        "isCompliant": [true or false]
      } 
    ] 
  } 
]
Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Add cloud resources and their scan results

Array
provider
string

[Required] Cloud service provider name

resourceId
string

[Required] Unique identifier/resource namespace for policy compliance result

resourceName
string

[Required] Friendly name of Cloud resource

resourceType
string

[Required] Type of Cloud resource

initiatedBy
string

[Optional] Email of POC

cspAccountId
string

[Optional] System/owner's CSP account ID/number

cspRegion
string

[Optional] CSP region of system

isBaseline
boolean

[Optional] True/false flag for providing results as baseline. If true, all existing compliance results for the resourceId will be replaced by results in the current call

object

[Optional] Informational tags associated to results for other metadata

Array of objects

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove one or many cloud resources in a system

Removes cloud resources and their scan results in the assets module for a system systemId

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Delete the given Cloud Resource Id

Array
resourceId
string

[Required] Unique item identifier

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Container Scan Results

The Container Scan Results endpoint provides the ability to add, update, and remove containers and their scan results in the assets module for a system.

Add one or many containers and their scan results

Add containers and their scan results in the assets module for a system systemId.

Request Body Required Fields

  • containerId
  • containerName
  • time
  • Bench Marks Object Array benchmarks
    • benchmark
    • Results Object Array results
      • ruleId
      • status
      • lastSeen

Example Request Body Required Fields

[
  {
    "containerId": "container identification",
    "containerName": "container name",
    "time": Datetime of scan/result (1648217219),
    "benchmarks": [
      { 
        "benchmark": "RHEL_8_STIG",
        "results": [ 
          { 
            "ruleId": "rule identification",
            "status": [Pass,Fail,Other,Not Reviewed,Not Checked,Not Applicable],
            "lastSeen": Unix date format (1648217219)
          }, {
            "ruleId": "rule identification",
            "status": [Pass,Fail,Other,Not Reviewed,Not Checked,Not Applicable],
            "lastSeen": Unix date format (1648217219)
          }
        ]
      }
    ]
  }
]
Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Add containers and their scan results

Array
containerId
string

[Required] Unique identifier of the container

containerName
string

[Required] Friendly name of the container

time
integer <int64>

[Required] Datetime of scan/result. Unix date format

podName
string

[Optional] Name of pod (e.g. Kubernetes pod)

podIp
string

[Optional] IP address of pod

namespace
string

[Optional] Namespace of container in container orchestration (e.g. Kubernetes namespace)

object

[Optional] Informational tags associated to results for other metadata

Array of objects

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Remove one or many containers in a system

Removes container scan resources and their scan results in the assets module for a system systemId

Authorizations:
apiKeyuserIdmockType
path Parameters
systemId
required
integer
Example: 35

System Id: The unique system record identifier.

Request Body schema: application/json

Delete the given Container Scan Id

Array
containerId
string

[Required] Unique item identifier

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Dashboards

The Dashboards endpoints provide the ability to view data contained in dashboard exports. In the eMASS frontend, these dashboard exports are generated as Excel exports.

Each dashboard dataset available from the API is automatically updated with the current configuration of the dashboard and the instance of eMASS as the dashboard changes.

Organization-specific fields may differ. Organization-specific Dashboards should only be used by that organization (e.g., VA [dashboard name] should be used by VA).

System Status Dashboard

System Status Details

Get systems status detail dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Enterprise Terms Conditions Dashboards

System Terms Conditions Summary

Get systems terms conditions summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Terms Conditions Details

Get systems terms conditions details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Enterprise Security Controls Dashboards

System Control Compliance Summary

Get systems control compliance summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Control Compliance Details

Get systems security control details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Assessment Procedures Details

Get systems assessement procdures details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Enterprise POA&M Dashboards

System POA&M Summary

Get systems POA&Ms summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System POA&M Details

Get system POA&Ms details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Enterprise Artifacts Dashboards

System Artifacts Summary

Get system Artifacts summary information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Artifacts Details

Get system Artifacts details information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Hardware Baseline Dashboards

System Hardware Summary

Get system hardware summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Hardware Details

Get system hardware details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Enterprise Sensor-based Hardware Resources Dashboards

System Sensor Hardware Summary

Get system sensor hardware summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Sensor Hardware Details

Get system sensor hardware details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Software Baseline Dashboards

System Software Summary

Get system software summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Software Details

Get system software details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Enterprise Sensor-based Software Resources Dashboards

System Sensor Software Summary

Get system sensor software summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Sensor Software Details

Get system sensor hardsoftwareware details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Sensor Software Counts

Get system sensor hardsoftwareware count dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Enterprise Vulnerability Dashboards

System Vulnerability Summary

Get system vulnerability summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Device Findings Summary

Get system device findings summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Device Findings Details

Get ssystem device findings details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Ports and Protocols Dashboards

System Ports/Protocols Summary

Get system ports and protocols summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Ports/Protocols Details

Get system ports and protocols details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System CONMON Integration Status Dashboard

System CONMON Integration Status

Get system CONMON integration status dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System Associations Dashboard

System Associations Details

Get system associations details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Users Dashboard

User System Assignments Details

Get user system assignments details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Privacy Compliance Dashboards

System Privacy Summary

Get user system privacy summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

VA OMB FISMA SAOP Summary

Get VA OMB-FISMA SAOP summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System A&A Summary Dashboard

VA System A&A Summary

Get VA system A&A summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System A2.0 Summary Dashboard

VA System A2.0 Summary

Get VA system A2.0 summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

System P.L. 109 Reporting Summary Dashboard

VA System P.L. 109 Reporting Summary

Get VA system P.L. 109 reporting summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

FISMA Inventory Summary Dashboards

VA System FISMA Inventory Summary

Get VA system FISMA inventory summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

VA System FISMA Inventory Crypto Summary

Get VA system FISMA inventory crypto summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

Threat Risks Dashboards

VA System Threat Risks Summary

Get VA system threat risk summary dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

VA System Threat Sources Details

Get VA system threat source details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }

VA System Threat Architecture Details

Get VA system threat architecture details dashboard information.

Authorizations:
apiKeyuserIdmockType
query Parameters
orgId
required
integer
Example: orgId=1

Organization Id: The unique organization identifier.

excludeinherited
boolean
Default: false

Exclude Inherited: If no value is specified, the default returns false to include inherited data.

pageIndex
integer
Default: 0

Page Index: If no value is specified, the default returns results from the first page with an index of 0.

pageSize
integer
Default: 20000

Page Size: If no value is specified, the default returns 20000 per page.

Responses

Response samples

Content type
application/json
{ }