Risk Policies

Get All Risk Policies

This endpoint retrieves a list of Risk Policy resources.

GET /api/v2/risk-policies/

Query Parameters

The following parameters may be used to filter the risk policy resources in the response.

Parameter Description
name Filter Risk Policies by name.
description Filter Risk Policies by description.
priority Filter Risk Policies by priority.
riskclassification__ordinal Filter Risk Policies by project classification ordinal.

GET /api/v2/risk-policies/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [{
        "id": 1,
        "is_org_default": true,
        "name": "All Risk",
        "description": "Applies to all applications",
        "filters": {
            "phases": ["requirements", "architecture-design", "development", "testing"],
            "priority": 7,
            "regulations": ["REG1", "REG2"],
            "tags": ["tag1", "tag2"]
        },
        "project_classifications": [1, 4],
        "conditions": {
          "statuses": [{
            "task_status": "TS1",
            "minimum_verification_status": "pass"
          }]
        }
    }]
}

Create a new Risk Policy

Fields Required Description
name Yes The name of the new Risk Policy.
description Yes The description of the Risk Policy.
is_org_default No A boolean field which shows if this is the default Risk Policy. Defaults to false.
filters.priority No Countermeasures in this policy must have a priority greater or equal to this value. Must be a value from 1 to 10. Defaults to 1.
filters.phases No Countermeasures in this policy must be in one of these phases.
filters.regulations No The regulation(s) associated with this policy.
filters.tags No Countermeasures in this policy must have one of these tags.
conditions.statuses Yes To be considered compliant, Countermeasure subject to this Risk Policy must have a relevant Countermeasure Status and an Acceptable Verification Status.
POST /api/v2/risk-policies/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "name": "Low Risk",
    "description": "Applies to all applications",
    "filters": {
        "phases": ["requirements", "architecture-design", "development", "testing"],
        "priority": 7,
        "regulations": ["REG1", "REG2"],
        "tags": ["tag1", "tag2"]
    },
    "project_classifications": [],
    "conditions": {
      "statuses": [{
        "task_status": "TS1",
        "minimum_verification_status": "pass"
      }]
    }
}
HTTP/1.1 201 CREATED
Content-Type: application/json

{

    "id": 2,
    "is_org_default": false,
    "name": "Low Risk",
    "description": "Applies to all applications",
    "filters": {
        "phases": ["requirements", "architecture-design", "development", "testing"],
        "priority": 7,
        "regulations": ["REG1", "REG2"],
        "tags": ["tag1", "tag2"]
    },
    "project_classifications": [],
    "conditions": {
      "statuses": [{
        "task_status": "TS1",
        "minimum_verification_status": "pass"
      }]
    }
}

Update a Risk Policy

Update a single Risk Policy by specifying a new name and priority. The Risk Policy to update is identified by the id.

PATCH /api/v2/risk-policies/{risk_policy_id}/

URL Parameters

Parameter Description
risk_policy_id The id of the Risk Policy to edit must be submitted in the request.

Payload

Fields Required Description
name No The name of the new Risk Policy.
description No The description of the Risk Policy.
is_org_default No A boolean field which shows if this is the default Risk Policy. Defaults to false.
filters.priority No Countermeasures in this policy must have a priority greater or equal to this value. Must be a value from 1 to 10. Defaults to 1.
filters.phases No Countermeasures in this policy must be in one of these phases.
filters.regulations No This policy will include all relevant Countermeasures related to these regulations.
filters.tags No Countermeasures in this policy must have one of these tags.
conditions.statuses No To be considered compliant, Countermeasures subject to this risk policy must have a relevant Countermeasures Status and an Acceptable Verification Status.
regulations No This policy will include all Countermeasures related to relevant regulations.
PATCH /api/v2/risk-policies/2/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "name": "Max Risk",
    "filters": {
        "priority": 10
    }
}
HTTP/1.1 200 OK
Content-Type: application/json

{

    "id": 2,
    "is_org_default": false,
    "name": "Max Risk",
    "description": "Applies to all applications",
    "filters": {
        "phases": ["requirements", "architecture-design", "development", "testing"],
        "priority": 10,
        "regulations": ["REG1", "REG2"],
        "tags": ["tag1", "tag2"]
    },
    "project_classifications": [],
    "conditions": {
      "statuses": [{
        "task_status": "TS1",
        "minimum_verification_status": "pass"
      }]
    }
}

Delete a Risk Policy

This endpoint deletes a single Risk Policy resource, as specified by the id parameter.

DELETE /risk-policies/{risk_policy_id}/

URL Parameters

Parameter Description
risk_policy_id The id of the Risk Policy to delete must be submitted in the request.

Payload

Fields Required Description
replacement Yes The Risk Policy ID to move the associated projects.
DELETE /api/v2/risk-policies/1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "replacement": 2
}
HTTP/1.1 204 NO CONTENT

Get a specific Risk Policy

This endpoint retrieves a specific Risk Policy resource, as specified by the id parameter.

GET /api/v2/risk-policies/{risk_policy_id}/

URL Parameters

Parameter Description
risk_policy_id The id of the Risk Policy to retrieve.

GET /api/v2/risk-policies/1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": 1,
    "is_org_default": true,
    "name": "All Risk",
    "description": "Applies to all applications",
    "filters": {
        "phases": ["requirements", "architecture-design", "development", "testing"],
        "priority": 7,
        "regulations": ["pci-dss", "HIPAA"],
        "tags": ["tag1", "tag2"]
    },
    "project_classifications": [1, 4],
    "conditions": {
      "statuses": [{
        "task_status": "TS1",
        "minimum_verification_status": "pass"
      }]
    }
}

Expand Parameters

See the Expand Parameters section for more details.

Parameter Description
phases The Phases field is expanded to include Phase names.
statuses The Statuses field is expanded to include Countermeasure Status names and Verification Status names, ordinals, and labels.
regulations The Regulations field is expanded to include Regulation names.
project_classifications The Project Classifications field is expanded to include the name, description, and last updated time.

GET /api/v2/risk-policies/1/?expand=phases,conditions,regulations,project_classifications HTTP/1.1
Accept: application/json
Authorization: Token: "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": 1,
    "is_org_default": true,
    "name": "All Risk",
    "description": "Applies to all applications",
    "filters": {
        "phases": [
            {
                "name": "Requirements",
                "slug": "requirements"
            },
            {
                "name": "Architecture & Design",
                "slug": "architecture-design"
            },
            {
                "name": "Development",
                "slug": "development"
            },
            {
                "name": "Testing",
                "slug": "testing"
            }
        ],
        "priority": 7,
        "regulations": [
            {
                "name": "PCI-DSS v2.0",
                "item_id": "REG1"
            },
            {
                "name": "HIPAA",
                "item_id": "REG2"
            }
        ],
        "tags": ["tag1", "tag2"]
    },
    "project_classifications": [
        {
            "id": 1,
            "ordinal": 1,
            "name": "Maximum",
            "description": "Used for projects with maximum risk.",
            "default_risk_policy": 1,
            "risk_policies": [1],
            "answers": ["A168"],
            "last_update_date_time": "2019-05-28T11:34:21.908541-04:00",
            "is_unclassified": false
        }
    ],
    "conditions": {
      "statuses": [{
        "task_status": {
            "name": "Complete",
            "item_id": "TS1"
        },
        "minimum_verification_status": {
            "name": "pass",
            "label": "Pass",
            "ordinal": 2
        }
      }]
    }
}

results matching ""

    No results matching ""