Import & Export File Template

Table of Contents

Summary
Threats
Weaknesses
Countermeasures
Amendments (Additional Requirements)
Implementation (How-To’s)
Project Survey

Summary

All fields referenced in these specifications will be present in exported content.
Read-only fields and headers may be omitted from imported files unless otherwise specified.
Boolean fields export as True or False.

File Name Requirement: Must be the exact name of the legacy file name. Example:

Threats must be: threat.csv
Weakness/Problem must be:  weakness.csv
Countermeasures/Tasks/Standards must be: standard.csv
Additional Requirements/Amendments must be: amendment.csv
How-To's/Implementation must be: implementation.csv
Project Survey Question must be: question.csv
Project Survey Subquestion must be: subquestion.csv
Project Survey Section must be: section.csv
Project Survey Subsection must be: subsection.csv
Project Survey Answers must be: answer.csv

Threats

The following field will be used to look up an existing threat during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
db_id		Yes	Internal Database ID
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
title	Yes		A string containing letters, numbers, spaces, and the following characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
text	Yes		Same allowed characters as `title`.
severity	Yes		Integer between 1 and 10 (inclusive). 10 = highest risk; 1 = lowest risk.
type		Yes	Indicates builtin, builtin modified or custom content.
active			Boolean field.
created_date		Yes	Identifies when the threat was created.
created_by		Yes	Identifies the original author of the threat.
last_updated_date		Yes	Automatically updated upon importing new or updated content.
lasted_updated_by		Yes	Automatically updated upon importing new or updated content.
problems			List of weakness IDs separated by semicolons.
capecs			List of CAPEC IDs, separated by semicolons.
mark_delete	Yes		Boolean field. Allows deletion of custom content only.
stride			List of STRIDE threat mappings, separated by semicolons.
mitre_enterprise			List of MITRE ATT&CK (Enterprise) mappings, separated by semicolons.
mitre_ics			List of MITRE ATT&CK (ICS) mappings, separated by semicolons.
mitre_atlas			List of MITRE ATLAS mappings, separated by semicolons.

db_id

Yes

Internal Database ID

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

title

Yes

A string containing letters, numbers, spaces, and the following characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

text

Yes

Same allowed characters as title.

severity

Yes

Integer between 1 and 10 (inclusive). 10 = highest risk; 1 = lowest risk.

type

Yes

Indicates builtin, builtin modified or custom content.

active

Boolean field.

created_date

Yes

Identifies when the threat was created.

created_by

Yes

Identifies the original author of the threat.

last_updated_date

Yes

Automatically updated upon importing new or updated content.

lasted_updated_by

Yes

Automatically updated upon importing new or updated content.

problems

List of weakness IDs separated by semicolons.

capecs

List of CAPEC IDs, separated by semicolons.

mark_delete

Yes

Boolean field. Allows deletion of custom content only.

stride

List of STRIDE threat mappings, separated by semicolons.

mitre_enterprise

List of MITRE ATT&CK (Enterprise) mappings, separated by semicolons.

mitre_ics

List of MITRE ATT&CK (ICS) mappings, separated by semicolons.

mitre_atlas

List of MITRE ATLAS mappings, separated by semicolons.

Weaknesses

The following fields will be used to look up an existing weakness during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
db_id		Yes	Internal Database ID.
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
title	Yes		A string containing letters, numbers, spaces, and the following characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
text	Yes		Same allowed characters as `title`.
created		Yes	Identifies when the weakness was created.
updated		Yes	Automatically updated upon importing new or updated content.
last_updated_by		Yes	Automatically updated upon importing new or updated content.
cwe			A semicolon-separated string of integer CWE IDs. Example: `120;122`
risk_rating	Yes		Integer from 1 to 10 (inclusive). 10 = highest risk; 1 = lowest risk.
type			Indicates if weakness is builtin, builtin-modified, or custom.
active			Boolean field. Indicates whether the content is active or deactivated.
mark_delete	Yes		Indicates content is marked for deletion. Only custom weaknesses can be deleted.
match_conditions			List of rules separated by semicolons. Each rule may reference multiple answers using `AND`. Answers can be negated using `!`. Examples: With Answer IDs: `A1;A2 AND !A3`

db_id

Yes

Internal Database ID.

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

title

Yes

A string containing letters, numbers, spaces, and the following characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

text

Yes

Same allowed characters as title.

created

Yes

Identifies when the weakness was created.

updated

Yes

Automatically updated upon importing new or updated content.

last_updated_by

Yes

Automatically updated upon importing new or updated content.

cwe

A semicolon-separated string of integer CWE IDs. Example: 120;122

risk_rating

Yes

Integer from 1 to 10 (inclusive). 10 = highest risk; 1 = lowest risk.

type

Indicates if weakness is builtin, builtin-modified, or custom.

active

Boolean field. Indicates whether the content is active or deactivated.

mark_delete

Yes

Indicates content is marked for deletion. Only custom weaknesses can be deleted.

match_conditions

List of rules separated by semicolons. Each rule may reference multiple answers using AND. Answers can be negated using !.

Examples:

With Answer IDs: A1;A2 AND !A3

Countermeasures

The following fields will be used to look up an existing countermeasure during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
db_id		Yes	Internal Database ID.
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
title	Yes		A string containing letters, numbers, spaces, and the following characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
text	Yes		Same allowed characters as `title`.
phase	Yes		The phase to which the countermeasure belongs. Allowed values include: `X1` - Requirements `X2` - Architecture & Design `X3` - Development `X4` - Testing `X5` - Deployment `X7` - Activities OR any custom phase ID.
created_by		Yes	Identifies the original author of the countermeasure.
created_date		Yes	Identifies when the countermeasure was created.
last_updated_by		Yes	Automatically updated upon importing new or updated content.
last_updated_date		Yes	Automatically updated upon importing new or updated content.
url		Yes	URL associated with the library object.
problem	Yes		Specifies the weakness this countermeasure mitigates. On export: Weaknesses are referenced by their `weakness_id`. On import: Weaknesses may be referenced by `weakness_id`.
priority	Yes		Integer between 1 and 10 (inclusive). 10 = highest priority; 1 = lowest.
tags			On export: On export, the tags field is a string of tag namess separated by semi-colons. On import: Tags may be referenced by ID or by title each separated by semi-colons.
active			Boolean field. Indicates whether the content is active or deactivated.
type	Yes		Indicates if content is builtin, builtin-modified, or custom.
mark_delete	Yes		Boolean field. Allows deletion of custom content only.
match_conditions			A list of rules separated by semicolons. Each rule may reference multiple answers using `AND`. Answers may be negated with `!`. Examples: Answer IDs: `A1;A2 AND !A3`

db_id

Yes

Internal Database ID.

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

title

Yes

A string containing letters, numbers, spaces, and the following characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

text

Yes

Same allowed characters as title.

phase

Yes

The phase to which the countermeasure belongs. Allowed values include:

X1 - Requirements
X2 - Architecture & Design
X3 - Development
X4 - Testing
X5 - Deployment
X7 - Activities
OR any custom phase ID.

created_by

Yes

Identifies the original author of the countermeasure.

created_date

Yes

Identifies when the countermeasure was created.

last_updated_by

Yes

Automatically updated upon importing new or updated content.

last_updated_date

Yes

Automatically updated upon importing new or updated content.

url

Yes

URL associated with the library object.

problem

Yes

Specifies the weakness this countermeasure mitigates. On export: Weaknesses are referenced by their weakness_id. On import: Weaknesses may be referenced by weakness_id.

priority

Yes

Integer between 1 and 10 (inclusive). 10 = highest priority; 1 = lowest.

Amendments (Additional Requirements)

The following fields will be used to look up an existing amendment during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
db_id		Yes	Internal Database ID.
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
title	Yes		A string containing letters, numbers, spaces, and the following characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
text	Yes		Same allowed characters as `title`.
type	Yes		Indicates whether the additional requirement is builtin, builtin-modified, or custom.
ordinal	Yes		Non-negative integer specifying the order in which the additional requirements are shown on the countermeasure page.
created_by		Yes	Identifies the original author of the additional requirement.
created_date_time		Yes	Identifies when the requirement was created.
last_updated_by		Yes	The user who last updated the additional requirement.
last_updated_date		Yes	Automatically updated upon importing new or updated content.
active	Yes		Boolean field. Indicates whether the content is active or deactivated.
mark_delete	Yes		Boolean field. Allows deletion of custom content only.
match_conditions			A list of rules separated by semicolons. Each rule may reference multiple answers using `AND`. Answers may be negated by prefixing with `!`. Examples: Answer IDs: `A1;A2 AND !A3`
task	Yes		Specifies the countermeasure this additional requirement refers to.

db_id

Yes

Internal Database ID.

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

title

Yes

A string containing letters, numbers, spaces, and the following characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

text

Yes

Same allowed characters as title.

type

Yes

Indicates whether the additional requirement is builtin, builtin-modified, or custom.

ordinal

Yes

Non-negative integer specifying the order in which the additional requirements are shown on the countermeasure page.

created_by

Yes

Identifies the original author of the additional requirement.

created_date_time

Yes

Identifies when the requirement was created.

last_updated_by

Yes

The user who last updated the additional requirement.

last_updated_date

Yes

Automatically updated upon importing new or updated content.

active

Yes

Boolean field. Indicates whether the content is active or deactivated.

mark_delete

Yes

Boolean field. Allows deletion of custom content only.

match_conditions

A list of rules separated by semicolons. Each rule may reference multiple answers using AND. Answers may be negated by prefixing with !.

Examples:

Answer IDs: A1;A2 AND !A3

task

Yes

Specifies the countermeasure this additional requirement refers to.

Implementation (How-To’s)

The following fields will be used to look up an existing how-to during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
id		Yes	The header must be present in imported files.
title	Yes		A string containing letters, numbers, spaces, and the following characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
text	Yes		Same allowed characters as `title`.
type	Yes		Indicates whether the how-to is builtin, builtin-modified, or custom.
created_by			Identifies the user who originally created the how-to.
created_date			Identifies when the how-to was created.
last_updated_by		Yes	Automatically updated upon importing new or updated content.
last_updated		Yes	Automatically updated upon importing new or updated content.
active			Boolean field. Indicates whether the content is active or deactivated.
mark_delete	Yes		Boolean field. Allows deletion of custom content only.
match_conditions			A list of rules separated by semicolons. Each rule may reference multiple answers using `AND`. Answers may be negated using `!`. Examples: Answer IDs: `A1;A2 AND !A3`
task	Yes		Specifies the countermeasure this how-to refers to.

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

Yes

The header must be present in imported files.

title

Yes

A string containing letters, numbers, spaces, and the following characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

text

Yes

Same allowed characters as title.

type

Yes

Indicates whether the how-to is builtin, builtin-modified, or custom.

created_by

Identifies the user who originally created the how-to.

created_date

Identifies when the how-to was created.

last_updated_by

Yes

Automatically updated upon importing new or updated content.

last_updated

Yes

Automatically updated upon importing new or updated content.

active

Boolean field. Indicates whether the content is active or deactivated.

mark_delete

Yes

Boolean field. Allows deletion of custom content only.

match_conditions

A list of rules separated by semicolons. Each rule may reference multiple answers using AND. Answers may be negated using !.

Examples:

Answer IDs: A1;A2 AND !A3

task

Yes

Specifies the countermeasure this how-to refers to.

Project Survey

Default content cannot be customized (only deactivated); only new survey items may be added or updated.

Sections

The following fields will be used to look up an existing survey section during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
title	Yes		A string containing letters, numbers, spaces, and the following characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
ordinal			Integer indicating the order of the item relative to its siblings.
type	Yes		Indicates if builtin, builtin modified or custom content.
mark_delete	Yes	Yes	Indicates that custom content is marked for deletion upon import.
match_conditions			A list of rules separated by semicolons. Each rule may reference multiple answers using `AND`. Answers may be negated using `!`. Examples: Answer IDs: `A1;A2 AND !A3`

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

title

Yes

A string containing letters, numbers, spaces, and the following characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

ordinal

Integer indicating the order of the item relative to its siblings.

type

Yes

Indicates if builtin, builtin modified or custom content.

mark_delete

Yes

Indicates that custom content is marked for deletion upon import.

match_conditions

A list of rules separated by semicolons. Each rule may reference multiple answers using AND. Answers may be negated using !.

Examples:

Answer IDs: A1;A2 AND !A3

Subsections

The following fields will be used to look up an existing survey subsection during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
section	Yes		Indicates the section that this subsection belongs to.
title	Yes		A string containing letters, numbers, spaces, and the following characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
ordinal			Integer indicating the order of the subsection relative to its siblings.
type	Yes		Indicates if builtin, builtin modified or custom content.
mark_delete	Yes		Indicates custom content is marked for deletion upon import.
match_conditions			A list of rules separated by semicolons. Rules may reference multiple answers using `AND`. Answers may be negated using `!`. Examples: Answer IDs: `A1;A2 AND !A3`

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

section

Yes

Indicates the section that this subsection belongs to.

title

Yes

A string containing letters, numbers, spaces, and the following characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

ordinal

Integer indicating the order of the subsection relative to its siblings.

type

Yes

Indicates if builtin, builtin modified or custom content.

mark_delete

Yes

Indicates custom content is marked for deletion upon import.

match_conditions

A list of rules separated by semicolons. Rules may reference multiple answers using AND. Answers may be negated using !.

Examples:

Answer IDs: A1;A2 AND !A3

Questions

The following fields will be used to look up an existing survey question during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
title	Yes		A string containing letters, numbers, spaces, and the following characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
text			Same allowed characters as `title`.
format	Yes		Allowed values: `SC` — Single Choice `MC` — Multiple Choice
policy			Allowed values: * `mandatory` * `optional` * `hidden`
comment_required	Yes		Boolean field indicating a comment is required.
type	Yes		Indicates if builtin, builtin modified or custom content.
mark_delete		Yes	Indicates custom content is marked for deletion upon import.
parent	Yes		Specifies the subsection this question belongs to.

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

title

Yes

A string containing letters, numbers, spaces, and the following characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

text

Same allowed characters as title.

format

Yes

Allowed values:

SC — Single Choice
MC — Multiple Choice

policy

Allowed values: * mandatory * optional * hidden

comment_required

Yes

Boolean field indicating a comment is required.

type

Yes

Indicates if builtin, builtin modified or custom content.

mark_delete

Yes

Indicates custom content is marked for deletion upon import.

parent

Yes

Specifies the subsection this question belongs to.

Subquestions

The following fields will be used to look up an existing subquestion during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
question_text	Yes		A string containing letters, numbers, spaces, and the characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
text			Same allowed characters as `question_text`.
format	Yes		Allowed values: * `SC` (Single Choice) * `MC` (Multiple Choice)
policy			Allowed values: * `mandatory` * `optional` * `hidden`
comment_required			Boolean field.
type	Yes		Indicates if builtin, builtin modified or custom content.
mark_delete	Yes		Indicates custom content is marked for deletion upon import.
parent	Yes		Specifies the parent question this subquestion belongs to.

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

question_text

Yes

A string containing letters, numbers, spaces, and the characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

text

Same allowed characters as question_text.

format

Yes

Allowed values: * SC (Single Choice) * MC (Multiple Choice)

policy

Allowed values: * mandatory * optional * hidden

comment_required

Boolean field.

type

Yes

Indicates if builtin, builtin modified or custom content.

mark_delete

Yes

Indicates custom content is marked for deletion upon import.

parent

Yes

Specifies the parent question this subquestion belongs to.

Answers

The following fields will be used to look up an existing answer during import:

id

Field Required Read-only Notes

Field	Required	Read-only	Notes
db_id		Yes	Internal Database ID.
id		Yes	Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.
text	Yes		A string containing letters, numbers, spaces, and the characters: `_ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $`
description			Same allowed characters as `text`.
display_text		Yes	A display-friendly version of the answer text. Same allowed characters as `text`.
ordinal			Integer representing the order among sibling answers.
active			Boolean field.
implied_answers			A semicolon-separated list of answer IDs. Example: `A1;A2`
question	Yes		Specifies the question this answer refers to.
type	Yes		Indicates if builtin, builtin modified or custom content.
match_conditions			A list of rules separated by semicolons. Rules may reference multiple answers using `AND`. Answers may be negated using `!`. Examples: Answer IDs: `A1;A2 AND !A3`
mark_delete	Yes		Indicates custom content is marked for deletion upon import.

db_id

Yes

Internal Database ID.

Yes

Used to look up existing objects for updating. If left empty, the system will treat the entry as a new custom object. Can be used to create custom objects with a specific ID.

text

Yes

A string containing letters, numbers, spaces, and the characters: _ . , : ; ! ? ' & + - ~ # [ ] ( ) { } / $

description

Same allowed characters as text.

display_text

Yes

A display-friendly version of the answer text. Same allowed characters as text.

ordinal

Integer representing the order among sibling answers.

active

Boolean field.

implied_answers

A semicolon-separated list of answer IDs. Example: A1;A2

question

Yes

Specifies the question this answer refers to.

type

Yes

Indicates if builtin, builtin modified or custom content.

match_conditions

A list of rules separated by semicolons. Rules may reference multiple answers using AND. Answers may be negated using !.

Examples:

Answer IDs: A1;A2 AND !A3

mark_delete

Yes

Indicates custom content is marked for deletion upon import.

Import/Export File Template

Import & Export File Template

Summary

Threats

Weaknesses

Countermeasures

Amendments (Additional Requirements)

Implementation (How-To’s)

Project Survey

Sections

Subsections

Questions

Subquestions

Answers

results matching ""

No results matching ""