eMASSRestOpenApi.yaml

---
openapi: 3.0.3
#------------------------------------------------------------------------------
# I N F O  - API metadata 
#------------------------------------------------------------------------------  
info:
  title: Enterprise Mission Assurance Support Service (eMASS)
  description: |-
      The Enterprise Mission Assurance Support Service (eMASS) REST Application
      Programming Interface (API) enables users to perform assessments and complete actions
      associated with system records. This document will provide an outline of all eMASS
      objects and their associated endpoints to include Department of Defense (DoD) business
      rules that pertain to each.
      
      New users will need to register an API key with the eMASS development team prior to
      accessing the site for the first time. The eMASS REST API requires a client certificate
      (SSL/TLS, DoD PKI only) where {url}/api/register (POST) is used to register the client
      certificate.

      Every call to the eMASS REST API will require the use of the agreed upon public key
      certificate and API key. The API key must be provided in the request header for all
      endpoint calls (api-key). If the service receives an untrusted certificate or API key, a
      401 error response code will be returned along with an error message.

      <strong>Available Request Headers:</strong>
      | Key      | Example Value                      | Description
      |----------|------------------------------------|------------------------------------
      |`api-key` |avalidkeyisneeded                   |This API key must be provided in the request header for all endpoint calls
      |`user-uid`|avaliduseruid                       |This User unique identifier key must be provided in the request header for all PUT, POST, and DELETE endpoint calls. 
      |          |                                    |Note: For DoD users this is the DoD ID Number (EIDIPI) on their DoD CAC.

      Users are required to log-in to eMASS and grant permissions for a client to update data
      within eMASS on their behalf. This is only required for actionable requests (PUT, POST,
      DELETE). The Registration Endpoint and all GET requests can be accessed without
      completing this process with the correct permissions.

      <strong>Approve API Client for Actionable Requests</strong><br>
      Users are required to log-in to eMASS and grant permissions for a client to update data
      within eMASS on their behalf. This is only required for actionable requests (PUT, POST,
      DELETE). The Registration Endpoint and all GET requests can be accessed without
      completing this process with the correct permissions. Please note that leaving a field
      parameter blank (for PUT/POST requests) has the potential to clear information in the
      active eMASS records.

      To gain permissions to the relevant endpoints for a new API key:
  contact:
    name: eMASS Tier III support
    url: 'https://www.dcsa.mil/is/emass/'
    email: disa.meade.id.mbx.emass-tier-iii-support@mail.mil

  version: '2.3.0'

externalDocs:
  description: eMASS New User Registration
  url: 'https://nisp.emass.apps.mil/Content/Help/jobaids/eMASS_OT_NewUser_Job_Aid.pdf'
#------------------------------------------------------------------------------
# S E R V E R S - Array of Server Objects which provide connectivity information
#                  to target servers. 
#------------------------------------------------------------------------------  
#servers:
#  - url: "http://localhost:4010"
#  - url: "https://pilot-comm.emasstest.boozallencsn.com:443"
  #- url: "https://localhost:4433"
servers:
  - url: "http://localhost:4010"
    description: The localhost mock server
  - url: https://pilot-comm.emasstest.boozallencsn.com:{port}
  #- url: https://pilot-comm.emasstest.boozallencsn.com:{port}/{basePath}
    description: The development API server
    variables:
      user-uid:
        # note! no enum here means it is an open value
        default: 'USER.TEST121.EMASS'
        description: this value is assigned by the service provider, in this example `gigantic-server.com`
      port:
        enum:
          - '8443'
          - '443'
        default: '443'
      #basePath:
        # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2`
      #  default: v2

#------------------------------------------------------------------------------
# T A G S - A list of tags used by the specification with additional metadata.
#------------------------------------------------------------------------------
tags:
  - name: Test
    description: >
      The Test Connection endpoint is provided by eMASS to verify and troubleshoot
      the connection to the web service
  - name: Registration
    description: >
      The Registration endpoint is provided by eMASS to allow users to register their certificate
      and obtain an API key. This API key must be provided in the request header for all
      endpoint calls (api-key).
  - name: Systems
    description: "The System endpoint provides the ability to access system data"
  - name: SystemRoles
    description: "The System Roles endpoints provide the ability to access user data assigned to systems"
  - name: Controls
    description: "The Control endpoints provide the ability to add Security Control information to a system for both the Implementation Plan and Risk Assessment."
  - name: TestResults
    description: >
      The Test Result endpoints provide the ability to add test results for a system's DoD
      Assessment Procedures (CCIs) which determines NIST SP 80-53 Revision 4 Security
      Control Compliance (Compliant, Non-Compliant, Not Applicable). The endpoints also
      provide the ability to retrieve test results.
  - name: POAM
    description: >
      These endpoints provide the ability to add Plan of Action and Milestones (POA&M) items to a system.
      The endpoint also provides the ability to view, update and/or remove existing POA&M items and associated milestones in a system.
  - name: Artifacts
    description: >
      The Artifact endpoints provide the ability to add new Artifacts
      (supporting documentation/evidence for Security Control Assessments and system
      Authorization activities) to a system.
  - name: ApprovalChain
    description: >
      The Approval Chain endpoints provide the ability to view Security Controls’ locations in
      the Control Approval Chain (CAC) in a system and submit them to the 2nd role of the CAC
      for independent verification and validation. These endpoints also provide the ability to
      view the location of a system's package in the Package Approval Chain (PAC) and submit
      a new package for assessment and authorization.

#------------------------------------------------------------------------------
# P A T H S - The available paths and operations for the API endpoints
#------------------------------------------------------------------------------
paths:
  #----------------------------------------------------------------------------
  # Test endpoint
  #----------------------------------------------------------------------------
  /api:
    get:
      tags:
        - Test
      summary: "Test connection to the API"
      description: "Returns endpoint call status"
      operationId: testConnection
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/Test"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."
        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request"

  #----------------------------------------------------------------------------       
  # Register endpoint
  #----------------------------------------------------------------------------
  /api/api-key:
    post:
      tags:
        - Registration
      summary: "Register user certificate and obtain an API key"
      description: "Returns the api-key - This API key must be provided in the request header for all endpoint calls (api-key)."
      operationId: registerUser      
      requestBody:
        description: "User certificate previously provided by eMASS."
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/RegisterUser"
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/RegisterUser"
        required: true
      responses:
        '200':
          description: "Request has succeeded"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/Register"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."
       
        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request"                  

  #----------------------------------------------------------------------------   
  # Systems endpoint
  #----------------------------------------------------------------------------
  /api/systems:
    get:
      tags:
        - Systems
      summary: "Get system information matching provided parameters"
      description: |-
        Returns the system(s) data matching parameters<br>
          **Notes**<br>
          <ul>
            <li>If a system is dual-policy enabled, the returned system details default to the RMF policy information unless otherwise specified for an individual system.</li>
            <li>Certain fields are instance specific and may not be returned in GET request.</li>
          </ul>
      operationId: getSystems          
      parameters:
        - $ref: '#/components/parameters/includePackage'
        - $ref: '#/components/parameters/registrationType'
        - $ref: '#/components/parameters/ditprId'
        - $ref: '#/components/parameters/coamsId'
        - $ref: '#/components/parameters/policy'
        - $ref: '#/components/parameters/includeDitprMetrics'
        - $ref: '#/components/parameters/includeDecommissioned'          
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                oneOf:
                  - "$ref": "#/components/schemas/SystemResponse1"
                  - "$ref": "#/components/schemas/SystemResponse2"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

  #---------------------------------------------------------------------------- 
  # System Roles endpoint
  #----------------------------------------------------------------------------
  /api/system-roles:
    get:
      tags:
        - SystemRoles
      summary: "Get available roles"
      description: |-
        Returns all available roles<br>
          **Notes**<br>
            <ul>
              <li>If a system is dual-policy enabled, the returned system role information default to the RMF policy information unless otherwise specified.</li>
            </ul>
      operationId: getSystemRoles                
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/SystemRolesResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

  /api/system-roles/{roleCategory}:
    get:
      tags:
        - SystemRoles
      summary: "Get system roles"
      description: |-
          Returns the role(s) data matching parameters.<br>
          **Notes**<br>
            <ul>
              <li>If a system is dual-policy enabled, the returned system role information default to the RMF policy information unless otherwise specified.</li>
            </ul>
      operationId: getSystemByRoleCategoryId            
      parameters:
        - $ref: '#/components/parameters/roleCategory'
        - $ref: '#/components/parameters/role'
        - $ref: '#/components/parameters/policy'
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/SystemRoleCategoryResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

  #----------------------------------------------------------------------------
  # Control endpoint
  #----------------------------------------------------------------------------
  /api/systems/{systemId}/controls:
    get:
      tags:
       - Controls
      summary: "Get control information in a system for one or many controls"
      description: |-
          Returns system control information for matching `systemId` path parameter
      operationId: getSystemBySystemId          
      parameters:
        - $ref: '#/components/parameters/systemId'
        - $ref: '#/components/parameters/acronyms'
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/ControlResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 
      
    put:
      tags:
        - Controls
      summary: "Update control information in a system for one or many controls"
      description: "Update an existing control by System Id"
      operationId: updateControlBySystemId
      parameters:
        - $ref: '#/components/parameters/systemId'      
      requestBody:
        description: "Update an existing control by Id"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/Controls"
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/Controls"    
        required: true
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

  #----------------------------------------------------------------------------
  # Test Results endpoint
  #----------------------------------------------------------------------------
  /api/systems/{systemId}/test-results:
    get:
      tags:
        - TestResults
      summary: "Get one or many test results in a system"
      description: |-
          Returns system test results information for matching parameters.<br>
      operationId: getTestResultsBySystemId    
      parameters:
        - $ref: '#/components/parameters/systemId'    
        - $ref: '#/components/parameters/controlAcronyms'
        - $ref: '#/components/parameters/ccis'
        - $ref: '#/components/parameters/latestOnly'
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/TestResultslResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 
           
    post:
      tags:
        - TestResults
      summary: "Add one or many test results in a system"
      description: "Adds test results for given `systemId`"
      operationId: addTestResultsBySystemId
      parameters:
        - $ref: '#/components/parameters/systemId' 
      requestBody:
        description: "Update an existing control by Id"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/TestResults"
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/TestResults"               
        required: true      
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 
  
  #----------------------------------------------------------------------------
  # POA&M endpoint
  #----------------------------------------------------------------------------
  /api/systems/{systemId}/poams:
    get:
      tags:
        - POAM
      summary: "Get one or many poa&m items in a system"
      description: |-
          Returns system containing POA&M items for matching parameters. 
      parameters:
        - $ref: '#/components/parameters/systemId' 
        - $ref: '#/components/parameters/scheduledCompletionDateStart'
        - $ref: '#/components/parameters/scheduledCompletionDateEnd'
        - $ref: '#/components/parameters/controlAcronyms'
        - $ref: '#/components/parameters/ccis'
        - $ref: '#/components/parameters/systemOnly'      
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/PoamResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

    post:
      tags:
        - POAM
      summary: "Add one or many poa&m items in a system"
      description: |-
        Adds POA&M for given `systemId`<br>
        **Note**<br>
        If a POC email is supplied, the application will attempt to locate a user already
        registered within the application and pre-populate any information not explicitly supplied
        in the request. If no such user is found, these fields are required within the request.<br>
        `pocOrganization`, `pocFirstName`, `pocLastName`, `pocEmail`, `pocPhoneNumber`
      operationId: addPoamBySystemId
      parameters:
        - $ref: '#/components/parameters/systemId' 
      requestBody:
        description: "Update an existing control by Id"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/POAM"
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/POAM"                 
        required: true      
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

    put:
      tags:
        - POAM
      summary: "Update one or many poa&m items in a system"
      description: |-
        Update Adds POA&M for given `systemId`<br>
        **Note**<br>
        If a POC email is supplied, the application will attempt to locate a user already
        registered within the application and pre-populate any information not explicitly supplied
        in the request. If no such user is found, these fields are required within the request.<br>
        `pocOrganization`, `pocFirstName`, `pocLastName`, `pocEmail`, `pocPhoneNumber`
      operationId: updatePoamBySystemId
      parameters:
        - $ref: '#/components/parameters/systemId' 
      requestBody:
        description: "Update an existing control by Id"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/POAM"
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/POAM"              
        required: true
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

    delete:
      tags:
        - POAM
      summary: "Remove one or many poa&m items in a system"
      description: |-
        Remove the POA&M matching `systemId` path parameter and `poamId` query parameter<br>
      operationId: deletePoam
      parameters:
        - $ref: '#/components/parameters/systemId' 
        - name: poamId
          in: query        
          description: "**POA&M Id**: The unique POA&M record identifier."
          required: true
          schema:
             type: integer
             x-faker: random.number
             example: 45
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"      
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
              
  /api/systems/{systemId}/poams/{poamId}:
    get:
      tags:
        - POAM
      summary: "Get poa&m item by id in a system"
      description: |-
          Returns system test results information for matching parameters.<br>
      operationId: getPoamBySystemIdAndPoamId
      parameters:
        - $ref: '#/components/parameters/systemId' 
        - $ref: '#/components/parameters/poamId'
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/PoamResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

  /api/systems/{systemId}/poams/{poamId}/milestones:
    get:
      tags:
        - POAM
      summary: "Get milestones in one or many poa&m items in a system"
      description: |-
          Returns system containing milestones for matching parameters. 
      operationId: getMilestonesBySystemIdAndPoamId 
      parameters:
        - $ref: '#/components/parameters/systemId' 
        - $ref: '#/components/parameters/poamId'
        - $ref: '#/components/parameters/scheduledCompletionDateStart' 
        - $ref: '#/components/parameters/scheduledCompletionDateEnd'        
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/MilestoneResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

    post:
      tags:
        - POAM
      summary: "Add milestones to one or many poa&m items in a system"
      description: "Adds a milestone for given `systemId` and `poamId` path parameters"
      operationId: addMilestoneBySystemIdAndPoamId
      parameters:
        - $ref: '#/components/parameters/systemId' 
        - $ref: '#/components/parameters/poamId'
      requestBody:
        description: "Update an existing milestone"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/PostMilestones"
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/PostMilestones"                 
        required: true      
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

    put:
      tags:
        - POAM
      summary: "Update one or many poa&m items in a system"
      description: "Updates a milestone for given `systemId` and `poamId` path parameters"
      operationId: updateMilestoneBySystemIdAndPoamId
      parameters:
        - $ref: '#/components/parameters/systemId' 
        - $ref: '#/components/parameters/poamId'
      requestBody:
        description: "Update an existing control by Id"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/PutMilestones"
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/PostMilestones"                 
        required: true
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

    delete:
      tags:
        - POAM
      summary: "Remove milestones in a system for one or many poa&m items"
      description: |-
        Remove the POA&M matching `systemId` path parameter<br>
        **Notes**<br>
        To delete a milestone the record must be inactive by having the field isActive set to false (`isActive=false`).
      operationId: deleteMilestone
      parameters:
        - $ref: '#/components/parameters/systemId' 
        - $ref: '#/components/parameters/poamId'
        - name: milestoneId
          in: query        
          description: "**Milestone Id**: The unique milestone record identifier."
          required: true
          schema:
             type: integer
             x-faker: random.number
             example: 77
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"      
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"

  /api/systems/{systemId}/poams/{poamId}/milestones/{milestoneId}:
    get:
      tags:
        - POAM
      summary: "Get milestone by id in poa&m item in a system"
      description: |-
          Returns systems containing milestones for matching parameters. 
      operationId: getMilestonesBySystemIdAndPoamIdAndfMilestoneId
      parameters:
        - $ref: '#/components/parameters/systemId' 
        - $ref: '#/components/parameters/poamId'
        - $ref: '#/components/parameters/milestoneId' 
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/MilestoneResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

  #----------------------------------------------------------------------------
  # Artifacts endpoint
  #----------------------------------------------------------------------------
  /api/systems/{systemId}/artifacts:
    get:
      tags:
        - Artifacts
      summary: "Get one or many artifacts in a system"
      description: |-
          Returns selected artifacts matching parameters to include the file name containing the artifacts.
      parameters:
        - $ref: '#/components/parameters/systemId' 
        - $ref: '#/components/parameters/filename'
        - $ref: '#/components/parameters/controlAcronyms'
        - $ref: '#/components/parameters/ccis'
        - $ref: '#/components/parameters/systemOnly'      
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/ArtifactsGetResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/400Response"

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '404':
          description: "Server could not find what was requested."
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/404Response"                
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

    post:
      tags:
        - Artifacts
      summary: "Add one or many artifacts in a system"
      description: |-
          <strong>Information</strong><br>
          The request body of a POST request through the Artifact Endpoint accepts a single binary file
          with file extension ".zip" only. This accepted .zip file should contain one or more files
          corresponding to existing artifacts or new artifacts that will be created upon successful receipt.
          Filename uniqueness throughout eMASS will be enforced by the API.<br><br>
          Upon successful receipt of a file, if a file within the .zip is matched via filename to an artifact
          existing within the application, the file associated with the artifact will be updated. If no artifact
          is matched via filename to the application, a new artifact will be created with the following
          default values. Any values not specified below will be blank.
          <ul>
            <li>isTemplate: false</li>
            <li>type: other</li>
            <li>category: evidence</li>
          </ul>
          To update values other than the file itself, please submit a PUT request.<br>
          -----------------------------------------------------------------------------------------------<br>
          <strong>Zip file information</strong><br>
          Upload a zip file contain one or more files corresponding to existing artifacts
          or new artifacts that will be created upon successful receipt.<br><br>
          <strong>Business Rules</strong><br>
          Artifact cannot be saved if the file does not have the following file extensions:
          
              .docx,.doc,.txt,.rtf,.xfdl,.xml,.mht,.mh,tml,.html,.htm,.pdf,.mdb,.accdb,.ppt,
              .pptx,.xls,.xlsx,.csv,.log,.jpeg,.jpg,.tiff,.bmp,.tif,.png,.gif,.zip,.rar,.msg,
              .vsd,.vsw,.vdx,.z{#},.ckl,.avi,.vsdx

          Artifact version cannot be saved if an Artifact with the same file name already exist in the system.

          Artifact cannot be saved if the file size exceeds 30MB.          
      operationId: addArtifactsBySystemId

      parameters:
        - $ref: '#/components/parameters/systemId' 
  #     requestBody:
  #       description: "Upload a zip file contain one or more files corresponding to existing artifacts or new artifacts that will be created upon successful receipt. Max 30MB per artifact."
  #       content:
  #         application/octet-stream:
  #           schema:
  #             type: string
  #             format: binary
  #       required: true        
      requestBody:
        description: "See notes above for additional information"
        content:
          multipart/form-data:
            schema:
              type: object
              properties:
                Zipper:
                  type: string
                  format: binary   
        required: true                      
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/ArtifactsPutPostResponse"
        # 'default':
        #   description: "Unexpected error"
        #   content:
        #     application/json:
        #       schema:
        #         "$ref": "#/components/schemas/Error"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/400Response"
        '404':
          description: "Server could not find what was requested."
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/404Response"                  
    put:
      tags:
        - Artifacts
      summary: "Update one or many artifacts in a system"
      description: |-
        "Updates an artifact for given `systemId` path parameter"<br><br>
        <b>Business Rules</b></br>
        Artifact <b>cannot be saved</b> if the fields below exceed the following character limits:<br>
        `filename` 1000 characters, `description` 2000 characters, `refPageNumber` 50 characters

        Artifact <b>cannot be saved</b> if the following fields are missing data:<br>
        `fileName`, `isTemplate`, `type`, and `category`
      operationId: updateArtifactBySystemId
      parameters:
        - $ref: '#/components/parameters/systemId' 
      requestBody:
        description: "See notes above for additional information"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/PutArtifacts"
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/PutArtifacts"                 
        required: true
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/ArtifactsPutPostResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '404':
          description: "Server could not find what was requested."
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/404Response"                  
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

    delete:
      tags:
        - Artifacts
      summary: "Remove one or many artifacts in a system"
      description: |-
        Remove the Artifact(s) matching `systemId` path parameter and request body artifact(s) file name<br><br>
        <b>Note:</b>
        The endpoint expects an array of objects containing `filename: file_to_delete`. 
        Multiple files can be deleted by providing multiple file objects (common delimited)
      operationId: deleteArtifact
      parameters:
        - $ref: '#/components/parameters/systemId' 
        #- $ref: '#/components/parameters/filename'
      requestBody:
        description: "See notes above for additional information"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/DeleteArtifacts"
        required: true

      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/ArtifactsDelResponse"      
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '404':
          description: "Server could not find what was requested."
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/404Response"                  
  /api/systems/{systemId}/artifacts-export:
    get:
      tags:
        - Artifacts
      summary: "Get the file of an artifact in a system"
      description: |-
         <strong>Sample Responce</strong><br>
          Binary file associated with given filename.<br>
          If `compress` parameter is specified and set to `true`, the zip archive of binary file associated with given filename is returned.<br>
          If `compress` parameter is specified and set to `false`, the zip archive contents associated with given filename is returned.<br>
      parameters:
        - $ref: '#/components/parameters/systemId'       
        - $ref: '#/components/parameters/exportfilename'
        - $ref: '#/components/parameters/exportcompress'      
      responses:
        '200':
          description: "Successful retrieved Artifacts file"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/ArtifactGetExportResponse"            
            application/octet-stream: 
              schema:
                description: "Artifacts file ready for download"
                type: string
                format: binary   
                example: "Binary file associated with given filename"
        '404':
          description: "Server could not find what was requested."
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/404Response"       
        'default':
          description: "Unexpected error"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/Error"

  #----------------------------------------------------------------------------
  # Approval Chain endpoints
  #----------------------------------------------------------------------------
  /api/systems/{systemId}/approval/cac:
    get:
      tags:
       - ApprovalChain
      summary: "Get location of one or many controls in CAC"
      description: |-
          Returns the location of a system's package in the Control Approval Chain (CAC) for matching `systemId` path parameter
      operationId: getCacApprovalBySystemId          
      parameters:
        - $ref: '#/components/parameters/systemId'
        - $ref: '#/components/parameters/controlAcronyms'
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/ApprovalCacResponse"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 
     
    post:
      tags:
        - ApprovalChain
      summary: "Submit control to second role of CAC"
      description: |-
        Adds an Approval for given `systemId` path parameter<br><br>
        POST requests will only yield successful results if the control is currently sitting at the first
        role of the CAC. If the control is not currently sitting at the first role, then an error will be
        returned.
      operationId: addCAcApprovalChainBySystemId
      parameters:
        - $ref: '#/components/parameters/systemId' 
      requestBody:
        description: "Update an existing Artifact by Id"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/PostApprovalCac"
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/PostApprovalCac"          
        required: true                   
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

  /api/systems/{systemId}/approval/pac:
    get:
      tags:
       - ApprovalChain
      summary: "Get location of system package in PAC"
      description: |-
          Returns the location of a system's package in the Package Approval Chain (PAC) for matching `systemId` path parameter<br><br>
          If the indicated system has an active package, the response will include the package type
          and the current role the package is sitting at. If there is no active package, then a null data
          member will be returned.
      operationId: getPacApprovalBySystemId          
      parameters:
        - $ref: '#/components/parameters/systemId'
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                oneOf:
                  - "$ref": "#/components/schemas/ApprovalPacResponse1"
                  - "$ref": "#/components/schemas/ApprovalPacResponse2"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

    post:
      tags:
        - ApprovalChain
      summary: "Submit system package for review"
      description: |-
        Adds a Package Approval Chain (PAC) for given `systemId` path parameter
      operationId: addPacApprovalChainBySystemId
      parameters:
        - $ref: "#/components/parameters/systemId"
      requestBody:
        description: "Update an existing Artifact by Id"
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/PostApprovalPac" 
          application/x-www-form-urlencoded:
            schema:
              "$ref": "#/components/schemas/PostApprovalPac"              
        required: true                       
      responses:
        '200':
          description: "Successful response"
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/200"
        '400':
          description: "Request could not be understood by the server due to malformed syntax."

        '401':
          description: "Request requires user authentication. Client may repeat the request with suitable Authorization"
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/401"
        '480':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/480"
        '490':
          description: "Business rule is violated that prevents the requested action."
          content:
            text/plain:
              schema:
                "$ref": "#/components/schemas/490"
        '500':
          description: "Server encountered an unexpected condition which prevented it from fulfilling the request" 

#------------------------------------------------------------------------------
# C O M P O N E N T S
#------------------------------------------------------------------------------
components:
  #----------------------------------------------------------------------------
  # Parameters 
  #----------------------------------------------------------------------------  
  parameters:

    #--------------------------------------------------------------------------
    # formData
    #-------------------------------------------------------------------------=

    #--------------------------------------------------------------------------
    # Path 
    #-------------------------------------------------------------------------=
    roleCategory:
      name: roleCategory
      in: path
      description: "**Role Category**: The system role category been queried"
      required: true
      schema:
        # type: string
        # x-faker: random.word
        # example: IAO
        type: string
        enum: ["CAC","PAC","Other"]
        default: "PAC"           
    systemId:
      name: systemId
      in: path
      description: "**System Id**: The unique system record identifier."
      required: true
      schema:
        type: integer
        x-faker: random.number
        example: 35
    poamId:
      name: poamId
      in: path        
      description: "**POA&M Id**: The unique POA&M record identifier."
      required: true
      schema:
        type: integer
        x-faker: random.number
        example: 45
    milestoneId:
      name: milestoneId
      in: path        
      description: "**Milestone Id**: The unique milestone record identifier."
      required: true
      schema:
        type: integer
        x-faker: random.number
        example: 77
    #--------------------------------------------------------------------------
    # Query - Required --------------------------------------------------------
    role:
      name: role
      in: query
      description: "**Role**: Required parameter. Accepts single value from available options." 
      required: true
      schema:
        type: string
        #enum: ["AO","Auditor","Artifact Manager","C&A Team","IAO","PM/IAM","SCA","User Rep (View Only)", "Validator (IV&V)"]
        enum: ["AO","Auditor","Artifact Manager","C&A Team","IAO","ISSO","PM/IAM","SCA","User Rep (View Only)", "Validator (IV&V)"]
        default: "Validator (IV&V)" 
    exportfilename:
      name: filename
      in: query
      required: true
      description: "**File Name**: The file name (to include file-extension)."
      schema:
        type: string   
        example: ArtifactsExporFile.pdf 
    exportcompress:
      name: compress
      in: query
      required: true
      description: "**Compress File**: Determines if returned file is compressed."
      schema:
        type: boolean
        enum: [true, false]
        default: true
    #--------------------------------------------------------------------------
    # Query - Optional --------------------------------------------------------

    includePackage:
      name: includePackage
      in: query
      description: "**Include Package**:  Indicates if additional packages information is retrieved for queried system."
      schema:
        type: boolean
        enum: [true, false]
        default: true
    registrationType:
      name: registrationType
      in: query
      style: form
      allowReserved: true
      explode: false
      description: "**Registration Type**: Filter record by selected registration type, accepts multiple comma separated values"
      schema:
        type: array
        items:
          type: string
          enum:
            - assessAndAuthorize
            - assessOnly
            - guest
            - regular
            - functional
            - cloudServiceProvider 
    ditprId:
      name: ditprId
      in: query
      description: "**DITPR ID**: Filter query by DoD Information Technology (IT) Portfolio Repository (DITPR)."
      schema:
        type: string
    coamsId:
      name: coamsId
      in: query
      description: "**COAMS ID**: Filter query by Cyber Operational Attributes Management System (COAMS)."
      schema:
        type: string
    policy:
      name: policy
      in: query
      description: "**System Policy**: Filter query by system policy. If no value is specified and more than one policy is available, the default return is the RMF policy information." 
      schema:
        type: string
        enum: ["diacap", "rmf", "reporting"]
        default: "rmf"
    acronyms:
      name: acronyms
      in: query
      description: "**Acronym**: The system acronym(s) been queried (single value or common delimited values)." 
      schema:
        type: string
        default: "PM-6"   
    includeDitprMetrics:
      name: includeDitprMetrics
      in: query
      description: |-
        **Include DITPR**: Indicates if DITPR metrics are retrieved. This query string parameter can only be used in conjunction with the following parameters:<br>
          <ul>
            <li>registrationType</li>
            <li>policy</li>
          </ul>
      schema:
        type: boolean
        enum: [true, false]
        default: false
    includeDecommissioned:
      name: includeDecommissioned
      in: query
      description: "**Include Decommissioned Systems**: Indicates if decommissioned systems are retrieved. If no value is specified, the default returns true to include systems with a “Decommissioned” Authorization Status value."
      schema:
        type: boolean
        enum: [true, false]
        default: true
    filename:
      name: filename
      in: query
      description: "**File Name**: The file name (to include file-extension)."
      schema:
        type: string   
        example: ArtifactsExporFile.pdf 
    compress:
      name: compress
      in: query
      description: "**Compress File**: Determines if returned file is compressed."
      schema:
        type: boolean
        enum: [true, false]
        default: true       
    controlAcronyms:
      name: controlAcronyms
      in: query
      description: "**System Acronym**: Filter query by given system acronym (single or common separated)."
      schema:
        type: string
    ccis:
      name: ccis
      in: query
      description: "**CCI System**: Filter query by Control Correlation Identifiers (CCIs)."
      schema:
        type: string
    latestOnly:
      name: latestOnly
      in: query
      description: "**Latest Results Only**: Indicates that only the latest test resultes are retrieved (single or common separated)."
      schema:
        type: boolean
        enum: [true, false]
        default: true                
    scheduledCompletionDateStart:
      name: scheduledCompletionDateStart
      in: query
      description: "**Date Started**: Filter query by the scheduled competion start date."
      schema:
        type: string
    scheduledCompletionDateEnd:
      name: scheduledCompletionDateEnd
      in: query
      description: "**Date Ended**: Filter query by the scheduled competion start date."
      schema:
        type: string
    systemOnly:
      name: systemOnly
      in: query
      description: "**Systems Only**: Indicates that only system(s) information is retrieved."
      schema:
        type: boolean
        enum: [true, false]
        default: true
    description:
      name: description
      in: query
      description: "**Description**: Milestone description information."
      schema:
        type: string    
    scheduledCompletionDate:
      name: scheduledCompletionDate
      in: query
      description: "**Completion Date**: Schedule completion date for milestone."
      schema:
        type: string
  #----------------------------------------------------------------------------
  # Schemas
  #----------------------------------------------------------------------------
  schemas:
    # Requests
    RegisterUser:
      required: [user-uid]
      type: object
      properties:
        user-uid:
          type: string
          example: "USER.TEST121.EMASS"
    # 200 responses
    Test:
      type: object
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          type: object
          additionalProperties: false
          properties:
            success: 
              type: boolean
              x-faker: random.boolean
              example: true
    Register:
      type: object
      properties:
        meta:
           "$ref": "#/components/schemas/200"
        data:
          type: object
          additionalProperties: false
          properties:
            apikey: 
              type: string
              x-faker: random.uuid
              example: f32516cc-57d3-43f5-9e16-8f86780a4cce  
    SystemResponse1:
      title: "SystemResponse1"
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          type: array
          maxItems: 1
          items:
            $ref: "#/components/schemas/Systems1"
    SystemResponse2:
      title: "SystemResponse2"
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          type: array
          maxItems: 5
          items:
            $ref: "#/components/schemas/Systems2"            
    SystemRolesResponse:
      title: "SystemRolesResponse"
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          type: array
          items:
            type: object
            properties:
              roleCategory:
                type: string
                x-faker: random.word
                default: "PAC"
              role:
                type: string
                x-faker: random.words
                default: "PM/IAM"
    SystemRoleCategoryResponse:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          type: array
          maxItems: 4
          items:
            $ref: "#/components/schemas/RoleCategory"
    ControlResponse:
      #title: "Successful response"
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          type: array
          maxItems: 5
          items:
            $ref: '#/components/schemas/Controls'
    TestResultslResponse:
      #title: "Successful response"
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          type: array
          maxItems: 5
          items:
            $ref: "#/components/schemas/TestResults"
    PoamResponse:
      #title: "Successful response"
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          type: array
          maxItems: 5
          items:
            $ref: "#/components/schemas/POAM"
    MilestoneResponse:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          type: array
          maxItems: 10
          items:
            $ref: "#/components/schemas/Milestones"
    ArtifactsGetResponse:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          maxItems: 10
          type: array
          items:
            $ref: '#/components/schemas/Artifacts'
    ArtifactGetExportResponse:
      type: object
      additionalProperties: true
      maxItems: 15
      minItems: 5
    ArtifactsDelResponse:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          maxItems: 1
          minItems: 1
          type: array
          items:
            additionalProperties: false 
    ArtifactsPutPostResponse:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          maxItems: 1
          minItems: 1
          type: array
          items:
            type: object
            additionalProperties: false      
            properties:            
              filename:
                type: string
                description: "[Required] File name should match exactly one file within the provided zip file. 1000 Characters."
                x-faker: system.commonFileName
                example: "AutorizationGuidance.pdf"
              success: 
                type: boolean
                x-faker: random.boolean
                example: true
              systemId:
                type: integer
                format: int64          
                example: 33
                minimum: 1
                maximum: 3000       
    ApprovalCacResponse:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"
        data:
          maxItems: 10
          type: array
          items:
            $ref: '#/components/schemas/ApprovalCac'            
    ApprovalPacResponse1:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"       
        data:
          maxItems: 10
          type: array
          items:
            $ref: '#/components/schemas/ApprovalPac'
    ApprovalPacResponse2:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/200"       
        data:
          type: string
          default: null
          enum:
           - null
  
    #400 Responses
    400Response:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/400"
    404Response:
      type: object
      additionalProperties: false
      properties:
        meta:
          "$ref": "#/components/schemas/404"

# Supporting 200 responses
    # Response when (includeDitprMetrics=False, includeDecommissioned=True, includePackage=True)              
    Systems1:
      title: "SystemResponseIncludeMetrics"
      type: object
      additionalProperties: false
      properties:
        systemId:
          type: integer
          format: int64          
          description: "[Read-only] Unique system record identifier."
          #x-faker: random.number
          example: 803
          minimum: 1
          maximum: 3000
        policy:
          type: string
          description: "[Read-only] RMF/DIACAP Policy identifier for the system record."
          #x-faker: random.word
          example: RMF
          enum:
            - "RMF"          
            - "DIACAP"
            - "Reporting"
        registrationType:
          type: string
          description: "Registration types parameters (assessAndAuthorize, assessOnly, guest, regular, functional, cloudServiceProvider.)"
          #x-faker: random.word
          example: "Assess and Authorize"
          enum:
            - "Assess and Authorize"
            - "Assess Only"
            - "Guest"       
            - "Regular"
            - "Functional"
            - "Cloud Service Provider"      
        name:
          type: string
          description: "[Read-only] Name of the system record."
          x-faker: random.word
          example: "System XYZ"
        acronym:
          type: string
          pattern: '^[A-Z0-9-]{3,6}'
          description: "[Read-only] Acronym of the system record."
          #x-faker: finance.bic
          example: "PM-6"
        systemOwner:
          type: string
          description: "[Read-only] Owning organization of the system record."
          x-faker: company.companyName
          example: "DISA"
        description:
          type: string
          description: "[Read-only] Description of the system record."
          x-faker: random.words
          example: "This is a test system for the eMASS API documentation"
        organizationName:
          type: string
          description: "[Read-only] Name of the top-level component that owns the system (e.g. Navy, Air Force, Army, etc..)."
          #x-faker: company.companyName
          example: "Defense Information Systems Agency"
          enum:
            - "Army"
            - "Navy"
            - "Air Force"       
            - "Marines"
            - "DoD"
            - "Defense Information Systems Agency"             
        secondaryOrganization:
          type: string
          description: "[Read-only] Secondary organization that owns the system record (i.e. Sub-Organization-level."
          x-faker: company.companyName
          example: "ID31"
        versionReleaseNo:
          type: string
          description: "[Read-only] Version/Release Number of system record."
          x-faker: system.semver
          example: "V1"
        systemType:
          type: string
          description: "[Read-only] Type of the system record. RMF values include the following options (IS Major Application, IS Enclave, Platform IT System). DIACAP values include the following options (Platform IT, Interconnection, AIS Application)"
          #x-faker: system.commonFileType
          example: "IS Major Application"
          enum:
            - "IS Major Application"
            - "IS Enclave"
            - "Platform IT"       
            - "Platform IT System"
            - "Interconnection"
            - "AIS Application"            
        isNSS:
          type: boolean
          description: "[Read-only] Is the system record a National Security System?"
          x-faker: random.boolean
          example: true
        isPublicFacing:
          type: boolean
          description: "[Read-only] Does the system record have a public facing component/presence."
          x-faker: random.boolean
          example: true          
        coamsId:
          type: integer
          format: int64
          #pattern: '^\d{5}'
          description: "[Read-only] Corresponding Cyber Operational Attributes Management System (COAMS) identifier for the system record."
          example: 93054 
          minimum: 40000
          maximum: 98536
        ditprId:
          type: string
          pattern: '^\d{5}'
          description: "[Read-only] DITPR ID of the system record."
          example: "30498"
        authorizationStatus:
          type: string
          description: |
            [Read-only] Authorization Status of the system record.</br>
              RMF Values
              <ul>
                <li>Authority to Operate (ATO)</li>
                <li>Authority to Operate with Conditions (ATO) w/Conditions)</li>
                <li>Denied Authority to Operate (DATO)</li>
                <li>Not Yet Authorized</li>
                <li>Decommissioned</li>
              </ul>
              DIACAP Values
              <ul>
                <li>Authority to Operate (ATO)</li>
                <li>Interim Authority to Operate (IATO)</li>
                <li>Interim Authority to Test (IATT)</li>
                <li>Denied Authority to Operate (DATO)</li>
                <li>Unaccredited</li>
                <li>Decommissioned</li>
              </ul>  
          example: "Authority to Operate (ATO)"
          enum:
            - "Authority to Operate (ATO)"
            - "Interim Authority to Operate (IATO)"
            - "Interim Authority to Test (IATT)"
            - "Authority to Operate with Conditions (ATO) w/Conditions)"
            - "Denied Authority to Operate (DATO)"
            - "Not Yet Authorized"
            - "Unaccredited"
            - "Decommissioned"
        authorizationDate:
          type: integer
          description: "[Read-only] Authorization Date of the system record."
          example: 1496581500
          minimum: 1400000000
          maximum: 1600000000
        authorizationTerminationDate:
          type: integer
          description: "[Read-only] Authorization Termination Date of the system record."
          example: 1496581500
          minimum: 1400000000
          maximum: 1600000000
        authorizationLength:
          type: integer
          description: "[Read-only] Length of system’s Authorization. Calculated based off of Authorization Date & Authorization Termination Date."
          example: 365
          minimum: 30
          maximum: 1825           
        termsForAuth:
          type: string
          description: "[Read-only] Terms/Conditions for receiving and maintaining the system’s Authorization. Assigned by the Authorizing Official."
          example: "Terms/Conditions to maintain a valid ATO"
        securityPlanApprovalStatus:
          type: string
          description: "[Read-only] Status of the approval of the system’s RMF Security Plan. Values include the following options (Approved, Denied, Not Yet Approved)."
          example: "Approved"
          enum:
            - "Approved"
            - "Not Yet Approved"  
            - "Denied"        
        securityPlanApprovalDate:
          type: integer
          description: "[Read-only] Approval date of the system’s RMF Security Plan."
          example: 1496581500
          minimum: 1400000000
          maximum: 1600000000
        missionCriticality:
          type: string
          description: "[Read-only] Mission Criticality of the system record. Values include the following options (Mission Critical (MC), Mission Essential (ME), Mission Support (MS)."
          example: "Mission Support (MS)"
          enum:
            - "Mission Critical (MC)"
            - "Mission Essential (ME)"
            - "Mission Support (MS)"
        governingMissionArea:
          type: string
          description: |-
            [Read-only] Governing Mission Area of the system record.
            Values include the following options:
            <ul>
              <li>Business MA (BMA)</li>
              <li>DoD portion of the Intelligence MA (DIMA)</li>
              <li>Enterprise Information Environment MA (EIEMA)</li>
              <li>Warfighting MA (WMA)</li>
          example: "DoD portion of the Intelligence MA (DIMA)"
          enum:
            - "Business MA (BMA)"
            - "DoD portion of the Intelligence MA (DIMA)"
            - "Enterprise Information Environment MA (EIEMA)"
            - "Warfighting MA (WMA)"
        geographicalAssociation:
          type: string
          description: "[Read-only] Geographical Association of the system record (VA only)."
          example: "VA Operated IS"
          enum:
            - "VA Operated IS"
        systemOwnership:
          type: string
          description: "[Read-only] Ownership of the system record (VA only)."
          example: "Region 1"
          enum:
            - "Region 1"
            - "Region 2"
            - "Region 4"
            - "Region 5"
        primaryFunctionalArea:
          type: string
          description: |-
            [Read-only] Primary functional area of the system record.
            Values include the following options:
            <ul>
              <li>Allies</li>
              <li>CBRNE</li>
              <li>Civilian Personnel & Readiness</li>
              <li>Command and Control</li>
              <li>Communications</li>
              <li>Communications Security (COMSEC)</li>
              <li>Economic</li>
              <li>Environmental Security</li>
              <li>Facilities</li>
              <li>Finance</li>
              <li>Health/Medical</li>
              <li>Human Resources</li>
              <li>Information Management</li>
              <li>Inspector General</li>
              <li>Intelligence</li>
              <li>Logistics</li>
              <li>Military Personnel and Readiness</li>
              <li>Nuclear</li>
              <li>Nuclear, Chemical, and Biological</li>
              <li>Operations</li>
              <li>Personnel and Readiness</li>
              <li>Procurement/Acquisition</li>
              <li>Reserve Components</li>
              <li>Scientific and Engineering</li>
              <li>Space and Weather</li>
              <li>Test and Evaluation</li>
              <li>Trainers</li>
              <li>Weapons</li>
              <li>Legal</li>
              <li>Transportation</li>
              <li>Not Applicable (N/A)</li>
              <li>Integration and Testing</li>
            </ul>
          example: "Health/Medical"
          enum:
            - "Allies"
            - "CBRNE"
            - "Civilian Personnel & Readiness"
            - "Command and Control"
            - "Communications"
            - "Communications Security (COMSEC)"
            - "Economic"
            - "Environmental Security"
            - "Facilities"
            - "Finance"
            - "Health/Medical"
            - "Human Resources"
            - "Information Management"
            - "Inspector General"
            - "Intelligence"
            - "Logistics"
            - "Military Personnel and Readiness"
            - "Nuclear"
            - "Nuclear, Chemical, and Biological"
            - "Operations"
            - "Personnel and Readiness"
            - "Procurement/Acquisition"
            - "Reserve Components"
            - "Scientific and Engineering"
            - "Space and Weather"
            - "Test and Evaluation"
            - "Trainers"
            - "Weapons"
            - "Legal"
            - "Transportation"
            - "Not Applicable (N/A)"
            - "Integration and Testing"
        secondaryFunctionalArea:
          type: string
          description: |-
            [Read-only] Secondary functional area of the system record.
            Values include the following options:
            <ul>
              <li>Allies</li>
              <li>CBRNE</li>
              <li>Civilian Personnel & Readiness</li>
              <li>Command and Control</li>
              <li>Communications</li>
              <li>Communications Security (COMSEC)</li>
              <li>Economic</li>
              <li>Environmental Security</li>
              <li>Facilities</li>
              <li>Finance</li>
              <li>Health/Medical</li>
              <li>Human Resources</li>
              <li>Information Management</li>
              <li>Inspector General</li>
              <li>Intelligence</li>
              <li>Logistics</li>
              <li>Military Personnel and Readiness</li>
              <li>Nuclear</li>
              <li>Nuclear, Chemical, and Biological</li>
              <li>Operations</li>
              <li>Personnel and Readiness</li>
              <li>Procurement/Acquisition</li>
              <li>Reserve Components</li>
              <li>Scientific and Engineering</li>
              <li>Space and Weather</li>
              <li>Test and Evaluation</li>
              <li>Trainers</li>
              <li>Weapons</li>
              <li>Legal</li>
              <li>Transportation</li>
              <li>Not Applicable (N/A)</li>
              <li>Integration and Testing</li>
            </ul>
          example: "Logistics"
          enum:
            - "Allies"
            - "CBRNE"
            - "Civilian Personnel & Readiness"
            - "Command and Control"
            - "Communications"
            - "Communications Security (COMSEC)"
            - "Economic"
            - "Environmental Security"
            - "Facilities"
            - "Finance"
            - "Health/Medical"
            - "Human Resources"
            - "Information Management"
            - "Inspector General"
            - "Intelligence"
            - "Logistics"
            - "Military Personnel and Readiness"
            - "Nuclear"
            - "Nuclear, Chemical, and Biological"
            - "Operations"
            - "Personnel and Readiness"
            - "Procurement/Acquisition"
            - "Reserve Components"
            - "Scientific and Engineering"
            - "Space and Weather"
            - "Test and Evaluation"
            - "Trainers"
            - "Weapons"
            - "Legal"
            - "Transportation"
            - "Not Applicable (N/A)"
            - "Integration and Testing"          
        primaryControlSet:
          type: string
          description: "[Read-only] Primary Control Set of the system record. RMF values include the following options (NIST SP 800-53 Revision 4), DIACAP values include the following options (DoDI 8500.2)"
          example: "NIST SP 800-53 Revision 4"
          enum:
            - "NIST SP 800-53 Revision 4"
        confidentiality:
          type: string
          description: "[Read-only] Confidentiality of the system record. RMF values include the following options (High, Moderate, Low)"
          example: "Low"
          enum:
            - "High"
            - "Moderate"
            - "Low"          
        integrity:
          type: string
          description: "[Read-only] Integrity of the system record. RMF values include the following options (High, Moderate, Low)"
          example: "Moderate"
          enum:
            - "High"
            - "Moderate"
            - "Low"
        availability:
          type: string
          description: "[Read-only] Availability of the system record. RMF values include the following options (High, Moderate, Low)"
          example: "High"
          enum:
            - "High"
            - "Moderate"
            - "Low"  
        securityReviewDate:
          type: integer
          description: "[Read-only] Date the system record’s Annual Security Review was conducted."
          example: 1531958400
          minimum: 1400000000
          maximum: 1600000000             
        appliedOverlays:
          type: string
          description: |-
            [Read-only] Overlays applied to the system record.<br>
            RMF Values include the following options:
            <ul>
              <li>Classified Information</li>
              <li>Privacy</li>
              <li>Cross Domain Solution (CDS)</li>
              <li>Financial Management</li>
              <li>Intelligence</li>
              <li>Nuclear Command, Communication, Control Systems (NC3)</li>
              <li>Cloud Service Provider (CSP)</li>
            </ul>
          example: "Classified Information" 
          enum:
            - "Classified Information"
            - "Privacy"
            - "Cross Domain Solution (CDS)"
            - "Financial Management"
            - "Intelligence"
            - "Nuclear Command, Communication, Control Systems (NC3)"
            - "Cloud Service Provider (CSP)" 
        rmfActivity:
          type: string
          description: |-
            [Read-only] RMF Activity of the system record.<br>
            RMF Values include the following options:
            <ul>
              <li>Initiate and plan cybersecurity Assessment Authorization</li>
              <li>Implement and validate assigned security controls</li>
              <li>Make assessment determination and authorization decision</li>
              <li>Maintain ATO and conduct reviews</li>
              <li>Decommission</li>
            </ul>
            DIACAP Values include the following options:
            <ul>
              <li>Initiate and plan C&A</li>
              <li>Implement and validate assigned IA controls</li>
              <li>Make certification determination and accreditation decision</li>
              <li>Maintain ATO and conduct reviews</li>
              <li>Decommission</li>
            </ul>
          example: "Maintain ATO and conduct reviews" 
          enum:
            - "Initiate and plan C&A"          
            - "Initiate and plan cybersecurity Assessment Authorization"
            - "Implement and validate assigned security controls"
            - "Make assessment determination and authorization decision"
            - "Maintain ATO and conduct reviews"
            - "Decommission" 
        crossDomainTicket:
          type: string
          description: "[Read-only] Cross Domain Tickets of the system record."
          x-faker: random.words
          example: "Cross Domain Ticket test"
    # Response when (includeDitprMetrics=True)
    Systems2:
      title: "SystemResponseExcludeMetrics"
      type: object
      additionalProperties: false
      properties:
        systemId:
          type: integer
          format: int64          
          description: "[Read-only] Unique system record identifier."
          #x-faker: random.number
          example: 803
          minimum: 1
          maximum: 3000
        policy:
          type: string
          description: "[Read-only] RMF/DIACAP Policy identifier for the system record."
          #x-faker: random.word
          example: RMF
          enum:
            - "RMF"          
            - "DIACAP"
            - "Reporting"
        registrationType:
          type: string
          description: "Registration types parameters (assessAndAuthorize, assessOnly, guest, regular, functional, cloudServiceProvider.)"
          #x-faker: random.word
          example: "Assess and Authorize"
          enum:
            - "Assess and Authorize"
            - "Assess Only"
            - "Guest"       
            - "Regular"
            - "Functional"
            - "Cloud Service Provider"      
        name:
          type: string
          description: "[Read-only] Name of the system record."
          x-faker: random.word
          example: "System XYZ"
        acronym:
          type: string
          pattern: '^[A-Z0-9-]{3,6}'
          description: "[Read-only] Acronym of the system record."
          #x-faker: finance.bic
          example: "PM-6"
        systemOwner:
          type: string
          description: "[Read-only] Owning organization of the system record."
          x-faker: company.companyName
          example: "DISA"
        organizationName:
          type: string
          description: "[Read-only] Name of the top-level component that owns the system (e.g. Navy, Air Force, Army, etc..)."
          #x-faker: company.companyName
          example: "Defense Information Systems Agency"
          enum:
            - "Army"
            - "Navy"
            - "Air Force"       
            - "Marines"
            - "DoD"
            - "Defense Information Systems Agency"             
        versionReleaseNo:
          type: string
          description: "[Read-only] Version/Release Number of system record."
          x-faker: system.semver
          example: "V1"
        systemType:
          type: string
          description: "[Read-only] Type of the system record. RMF values include the following options (IS Major Application, IS Enclave, Platform IT System). DIACAP values include the following options (Platform IT, Interconnection, AIS Application)"
          #x-faker: system.commonFileType
          example: "IS Major Application"
          enum:
            - "IS Major Application"
            - "IS Enclave"
            - "Platform IT"       
            - "Platform IT System"
            - "Interconnection"
            - "AIS Application"            
        authorizationStatus:
          type: string
          description: |
            [Read-only] Authorization Status of the system record.</br>
              RMF Values
              <ul>
                <li>Authority to Operate (ATO)</li>
                <li>Authority to Operate with Conditions (ATO) w/Conditions)</li>
                <li>Denied Authority to Operate (DATO)</li>
                <li>Not Yet Authorized</li>
                <li>Decommissioned</li>
              </ul>
              DIACAP Values
              <ul>
                <li>Authority to Operate (ATO)</li>
                <li>Interim Authority to Operate (IATO)</li>
                <li>Interim Authority to Test (IATT)</li>
                <li>Denied Authority to Operate (DATO)</li>
                <li>Unaccredited</li>
                <li>Decommissioned</li>
              </ul>  
          example: "Authority to Operate (ATO)"
          enum:
            - "Authority to Operate (ATO)"
            - "Interim Authority to Operate (IATO)"
            - "Interim Authority to Test (IATT)"
            - "Authority to Operate with Conditions (ATO) w/Conditions)"
            - "Denied Authority to Operate (DATO)"
            - "Not Yet Authorized"
            - "Unaccredited"
            - "Decommissioned"
        authorizationDate:
          type: integer
          description: "[Read-only] Authorization Date of the system record."
          example: 1496581500
          minimum: 1400000000
          maximum: 1600000000
        authorizationTerminationDate:
          type: integer
          description: "[Read-only] Authorization Termination Date of the system record."
          example: 1496581500
          minimum: 1400000000
          maximum: 1600000000
        confidentiality:
          type: string
          description: "[Read-only] Confidentiality of the system record. RMF values include the following options (High, Moderate, Low)"
          example: "Low"
          enum:
            - "High"
            - "Moderate"
            - "Low"          
        integrity:
          type: string
          description: "[Read-only] Integrity of the system record. RMF values include the following options (High, Moderate, Low)"
          example: "Moderate"
          enum:
            - "High"
            - "Moderate"
            - "Low"
        availability:
          type: string
          description: "[Read-only] Availability of the system record. RMF values include the following options (High, Moderate, Low)"
          example: "High"
          enum:
            - "High"
            - "Moderate"
            - "Low" 
        ditprId:
          type: string
          pattern: '^\d{5}'
          description: "[Read-only] DITPR ID of the system record."
          example: "93059"                     
        ditprDonId:
          type: string
          pattern: '^\d{4}'
          description: "[Read-only] DITPR-DON identifier of the system record (Navy only)."
          example: "4323"
        mac:
          type: string
          description: "[Read-only] MAC level of the system record. DIACAP values include the following options (I, II, III)"
          example: "II"
          enum:
            - "I"
            - "II"
            - "III"           
        dodConfidentiality:
          type: string
          description: "[Read-only] DoD Confidentiality of the system record. DIACAP values include the following options (Public, Sensitive, Classified)"
          example: "Sensitive" 
          enum:
            - "Public" 
            - "Sensitive" 
            - "Classified"                                     
        contingencyPlanTested:
          type: boolean
          description: "[Read-only] Has the system record’s Contingency Plan been tested?"
          x-faker: random.boolean
          example: true
        contingencyPlanTestDate:
          type: integer
          description: "[Read-only] Date the system record’s Contingency Plan was tested."
          example: 1426957321
          minimum: 1400000000
          maximum: 1600000000          
        securityReviewDate:
          type: integer
          description: "[Read-only] Date the system record’s Annual Security Review was conducted."
          example: 1531958400
          minimum: 1400000000
          maximum: 1600000000          
        hasOpenPoamItem:
          type: boolean
          description: "[Read-only] Does the system record have an Ongoing or Risk Accepted POA&M Item?"
          x-faker: random.boolean          
          example: false
        hasOpenPoamItem90to120PastScheduledCompletionDate:
          type: boolean
          description: "[Read-only] Does the system record have an Ongoing or Risk Accepted POA&M Item 90 to 120 days past it’s Scheduled Completion Date?"
          x-faker: random.boolean          
          example: true
        hasOpenPoamItem120PlusPastScheudledCompletionDate:
          type: boolean
          description: "[Read-only] Does the system record have an Ongoing or Risk Accepted POA&M Item 120 days past it’s Scheduled Completion Date?"
          x-faker: random.boolean
          example: false  

    RoleCategory:
      title: System Roles
      type: object
      additionalProperties: false      
      properties:   
        systemId:
          type: integer
          format: int64          
          description: "[Read-only] Unique system record identifier."
          #x-faker: random.number
          example: 803
          minimum: 1
          maximum: 3000          
        systemName:
          type: string
          description: "[Read-only] Name of the system record."
          #x-faker: random.word
          example: "Test system 1"
          enum:
            - "Test system 1"
            - "Test system 2"
            - "Test system 3"
            - "Test system 4"                                    
        systemAcronym:
          type: string
          pattern: '^[A-Z0-9-]{3,6}'          
          description: "[Read-only] Acronym of the system record."
          example: "S-XYZ"
        roles:
          type: array
          maxItems: 1
          items:
            $ref: "#/components/schemas/Roles"
    Roles:
      title: Role
      type: object
      additionalProperties: false
      properties:
        roleCategory:
          type: string
          example: "PAC"
          enum: ["CAC","PAC","Other"]
        role:
          type: string
          example: "AO"
          enum: ["AO","Auditor","Artifact Manager","C&A Team","IAO","PM/IAM","SCA","User Rep (View Only)", "Validator (IV&V)"]
        users:
          type: array
          maxItems: 1
          items:
            $ref: "#/components/schemas/Users"
    Users:
      title: Users
      type: object
      additionalProperties: false      
      properties:
        firstName:
          type: string
          x-faker: name.firstName
          example: "John"
        lastName: 
          type: string
          x-faker: name.lastName
          example: "Smith"
        email:
          type: string
          format: email
          x-faker: internet.email
          example: "John.Smith@hb.com"
    Controls:
      title: System Control
      type: object
      additionalProperties: false
      properties:
        systemId:
          type: integer
          format: int64          
          description: "[Required] Unique system record identifier."
          #x-faker: random.number({min:1, max:3000})
          example: 803
          minimum: 1
          maximum: 3000          
        name:
          type: string
          description: "[Read-only] Name of the system record."
          x-faker: random.word
          example: "System XYZ"
        acronym:
          type: string
          pattern: '^[A-Z0-9-]{3,6}'          
          description: "[Required] Acronym of the system record."
          #x-faker: finance.bic
          example: "AC-3"
        ccis:
          type: string
          pattern: '^\d{5,6},\d{5,6}'
          description: "[Read-only] Comma separated list of CCIs associated with the control."
          example: "000001,000002"          
        isInherited:
          type: boolean
          description: "[Read-only] Indicates whether a control is inherited."
          x-faker: random.boolean          
          example: true
        modifiedByOverlays:
          type: string
          description: "[Read-only] List of overlays that affect the control."
          #x-faker: random.word
          example: "Requirements" 
          enum:
            - "Privacy"
            - "Requirements"
            - "Concurrency"
        includedStatus:
          type: string
          description: "[Read-only] Indicates the manner by which a control was included in the system’s categorization."
          #x-faker: random.word
          example: "Manually" 
          enum:
           - "Mandated"
           - "Manually"
           - "Inherent"
        complianceStatus:
          type: string
          description: "[Read-only] Compliance of the control."
          x-faker: random.word
          example: "Status" 
        responsibleEntities:
          type: string
          description: "[Required] Include written description of Responsible Entities that are responsible for the Security Control. Character Limit = 2,000."
          #x-faker: random.word
          example: "Unknown" 
          enum:
           - "Compliant"
           - "Non-Compliant"
           - "Unknown"
        implementationStatus:
          type: string
          description: |-
            [Optional] Implementation Status of the Security Control for the information system.<br>
            Values include the following options:
            <ul>
              <li>Planned</li>
              <li>Implemented</li>
              <li>Inherited</li>
              <li>Not Applicable</li>
              <li>Manually Inherited</li>
            </ul>
          #x-faker: random.word
          example: "Planned"
          enum:
            - "Planned"
            - "Implemented"
            - "Inherited"
            - "Not Applicable"
            - "Manually Inherited"
        commonControlProvider:
          type: string
          description: |-
            [Conditional] Indicate the type of Common Control Provider for an “Inherited” Security Control.<br>
            Values include the following options:
            <ul>
              <li>DoD</li>
              <li>Component</li>
              <li>Enclave</li>
            </ul>
          #x-faker: random.word
          example: "DoD"       
          enum:
            - "DoD"
            - "Component"
            - "Enclave"  
        naJustification:
          type: string
          description: "[Conditional] Provide justification for Security Controls deemed Not Applicable to the system."
          #x-faker: random.word
          example: "System EOL within 120 days"  
          enum:
            - "System EOL within 30 days"
            - "System EOL within 60 days"
            - "System EOL within 120 days"
            - "Unknown"
        controlDesignation:
          type: string
          description: |-
            Values include the following options:<br>
            <ul>
              <li>Common</li>
              <li>System-Specific</li>
              <li>Hybrid</li>
            </ul>        
          #x-faker: random.word
          example: "Common" 
          enum:
            - "Common"
            - "System-Specific"
            - "Hybrid" 
        estimatedCompletionDate:
          type: integer
          description: "[Required] Field is required for Implementation Plan."
          example: 1496581500
          minimum: 1400000000
          maximum: 1600000000
        comments:
          type: string
          description: "[Required] Includes security control comments. Character Limit = 2,000."
          x-faker: random.words
          example: "Comments text." 
        slcmCriticality:
          type: string
          description: "[Conditional] Criticality of Security Control regarding SLCM. Character Limit = 2,000."
          x-faker: random.word
          example: "Text content" 
        slcmFrequency:
          type: string
          description: |-
            [Conditional] Values include the following options:<br>
            <ul>
              <li>Constantly</li>
              <li>Daily</li>
              <li>Weekly</li>
              <li>Monthly</li>
              <li>Quarterly</li>
              <li>Semi-Annually</li>
              <li>Annually</li>
              <li>Undetermined</li>
            </ul>        
          #x-faker: random.word
          example: "Annually" 
          enum:
            - "Constantly"
            - "Daily"
            - "Weekly"       
            - "Monthly"
            - "Quarterly"
            - "Semi-Annually"  
            - "Annually"
            - "Undetermined"                             
        slcmMethod:
          type: string
          description: |-
            [Conditional] Values include the following options:<br>
            <ul>
              <li>Automated</li>
              <li>Semi-Automated</li>
              <li>Manual</li>
              <li>Undetermined</li>
            </ul>        
          #x-faker: random.word
          example: "Automated" 
          enum:
            - "Automated"
            - "Semi-Automated"
            - "Manual"       
            - "Undetermined"            
        slcmReporting:
          type: string
          description: "[Conditional] Method for reporting Security Control for SLCM. Character Limit = 2,000."
          x-faker: random.word
          example: "Text content" 
        slcmTracking:
          type: string
          description: "[Conditional] How Non-Compliant Security Controls will be tracked for SLCM. Character Limit = 2,000."
          x-faker: random.word
          example: "Text content" 
        slcmComments:
          type: string
          description: "[Conditional] Additional comments for Security Control regarding SLCM. Character Limit = 4,000."
          x-faker: random.word
          example: "Text content" 
        severity:
          type: string
          description: "[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)"
          #x-faker: random.word
          example: "Low"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High"            
        vulnerabiltySummary:
          type: string
          description: "[Optional] Include vulnerability summary. Character Limit = 2,000."
          x-faker: random.words
          example: "Text content" 
        recommendations:
          type: string
          description: "[Optional] Include recommendations. Character Limit = 2,000."
          x-faker: random.words
          example: "Text content"           
        relevanceOfThreat:
          type: string
          description: "[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)"
          #x-faker: random.word
          example: "Low"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High"           
        likelihood:
          type: string
          description: "[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)"
          #x-faker: random.word
          example: "Low"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High"            
        impact:
          type: string
          description: "[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)"
          #x-faker: random.word
          example: "Low"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High"            
        impactDescription:
          type: string
          description: "[Optional] Include description of Security Control’s impact."
          x-faker: random.words
          example: "Impact text"
        residualRiskLevel:
          type: string
          description: "[Optional] Values include the following options (Very Low, Low, Moderate,High,Very High)"
          #x-faker: random.word
          example: "Low"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High" 
                
    TestResults:
      title: Test Results
      type: object
      additionalProperties: false      
      properties:
        # systemId:
        #   type: integer
        #   format: int64          
        #   description: "[Required] Unique eMASS identifier. Will need to provide correct number"
        #   #x-faker: random.number
        #   example: 803
        #   minimum: 1
        #   maximum: 3000          
        control:
          type: string
          description: "[Read-Only] Control acronym associated with the test result. NIST SP 800-53 Revision 4 defined."
          x-faker: finance.bic
          example: “AC-3”
        ccis:
          type: string
          pattern: '^\d{5,6},\d{5,6}'
          description: "[Required] CCI associated with test result."
          #x-faker: random.word
          example: "000001,000002"   
        isInherited:
          type: boolean
          description: "[Read-only] Indicates whether a test result is inherited."
          x-faker: random.boolean          
          example: true
        testedBy:
          type: string
          description: "[Required] Last Name, First Name. 100 Characters."
          x-faker: name.findName
          example: "Smith, Joe"
        testDate:
          type: integer
          format: int64
          description: "[Required] Unix time format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1496581500
          minimum: 1400000000
          maximum: 1600000000          
        description:
          type: string
          description: "[Required] Include description of test result. 4000 Characters."
          x-faker: random.words
          example: "Test result description"
        type:
          type: string
          description: "[Read-Only] Indicates the location in the Control Approval Chain when the test result is submitted."
          #x-faker: random.word
          example: "Self-Assessment"  
          enum: ["Self-Assessment", "Schedule-Assessment"]        
        complianceStatus:
          type: string
          description: |-
            [Required] Values include the following options:<br>
            <ul>
              <li>Compliant</li>
              <li>Non-Compliant</li>
              <li>Not Applicable</li>
            </ul>        
          #x-faker: random.word
          example: "Compliant" 
          enum: 
            - "Compliant"
            - "Non-Compliant"
            - "Not Applicable"
    POAM:
      title: POAM
      type: object
      additionalProperties: false       
      properties:
        # systemId:
        #   type: integer
        #   format: int64          
        #   description: "[Required] Unique eMASS system identifier."
        #   #x-faker: random.number
        #   example: 830
        #   minimum: 1
        #   maximum: 3000          
        poamId:
          type: integer
          format: int64          
          description: "[Required] Unique item identifier"
          #x-faker: random.number
          example: 45
          minimum: 1
          maximum: 300            
        isInherited:
          type: boolean
          description: "[Read-only] Indicates whether a test result is inherited."
          x-faker: random.boolean          
          example: true
        externalUid:
          type: string
          description: "[Optional] Unique identifier external to the eMASS application for use with associating POA&Ms. 100 Characters."
          x-faker: random.word
          example: “9834556”        
        controlAcronyms:
          type: string
          #pattern: '^[A-Z0-9-]{3,6}'          
          description: "[Read-Only] System acronym name."
          x-faker: finance.bic
          example: “AC-3”
        ccis:
          type: string
          pattern: '^\d{5,6},\d{5,6}'
          description: "[Required] CCI associated with test result."
          #x-faker: random.word
          example: "000001,000002"
        systemOnly:
          type: boolean
          description: "[Read-only] Indicates whether to include systems only."
          x-faker: random.boolean          
          example: true
        severity:
          type: string
          description: "[Conditional] Required for approved items. Values include the following options (Very Low,Low,Moderate,High,Very High)"
          #x-faker: random.word
          example: "Low"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High"            
        rawSeverity:
          type: string
          description: "[Optional] Values include the following options (I,II,III)"
          #x-faker: random.word
          example: "I"
          enum:
            - "I"
            - "II"
            - "III"       
        status:
          type: string
          description: "[Required] Values include the following: (Ongoing,Risk Accepted,Completed,Not Applicable"
          #x-faker: random.word
          example: "Completed"
          enum:
            - "Ongoing"
            - "Risk Accepted"
            - "Completed"       
            - "Not Applicable"
        reviewStatus:
          type: string
          description: "OPTIONAL/REQUIRED Values include the following options: (Not Approved,Under Review,Approved)"
          #x-faker: random.word
          example: "Under Review"        
          enum:
            - "Not Approved"
            - "Under Review"
            - "Approved"            
        scheduledCompletionDate:
          type: integer
          format: int64
          description: "[Conditional] Required for ongoing and completed POA&M items. Unix time format."
          #x-faker: random.number #time.recent
          example: 1499644800
          minimum: 1400000000
          maximum: 1600000000            
        completionDate:
          type: integer
          format: int64
          description: "[Conditional] Field is required for completed POA&M items. Unix time format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1505916276
          minimum: 1400000000
          maximum: 1600000000            
        extensionDate:
          type: integer
          format: int64
          description: >
            [Read-Only] Value returned for a POA&M Item with review status
            Approved” and has a milestone with a scheduled completion date
            that extends beyond the POA&M Item’s scheduled completion date.
          #x-faker: time.recent
          #x-faker: random.number
          example: 1505916298
          minimum: 1400000000
          maximum: 1600000000            
        scheduledCompletionDateStart:
          type: integer
          format: int64
          description: "[Required] Unix time format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1499644800
          minimum: 1400000000
          maximum: 1600000000            
        scheduledCompletionDateEnd:
          type: integer
          format: int64
          description: "[Required] Unix time format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1499990400  
          minimum: 1400000000
          maximum: 1600000000                    
        pocOrganization:
          type: string
          description: "[Required] Organization/Office represented. 100 Characters."
          x-faker: company.companyName
          example: "Army"          
        pocFirstName:
          type: string
          description: "[Required] First name of POC. 100 Characters."
          x-faker: name.firstName
          example: "John"           
        pocLastName:
          type: string
          description: "[Required] Last name of POC. 100 Characters."
          x-faker: name.lastName
          example: "Smith"           
        pocEmail:
          type: string
          description: "[Required] Email address of POC. 100 Characters."
          x-faker: internet.email
          example: "smith@ah.com"           
        pocPhoneNumber:
          type: string
          description: "[Required] Phone number of POC (area code) ***-**** format. 100 Characters."
          x-faker: phone.phoneNumber.email
          example: "555-555-5555"     
        vulnerabilityDescription:
          type: string
          description: "[Required] Provide a description of the POA&M Item. 2000 Characters."
          x-faker: random.words
          example: "Description text" 
        mitigation:
          type: string
          description: "[Optional] Include mitigation explanation. 2000 Characters."
          x-faker: random.words
          example: "Mitigation text"
        comments:
          type: string
          description: "[Conditional] Field is required for completed and risk accepted POA&M items. 2000 Characters"
          x-faker: random.words
          example: "Comments text." 
        resources:
          type: string
          description: "[Optional] List of resources used. 250 Characters."
          x-faker: random.words
          example: "Resource text." 
        sourceIdentVuln:
          type: string
          description: "[Required] Include Source Identifying Vulnerability text. 2000 Characters."
          x-faker: random.words
          example: "Source Indentifying Vulnerability text" 
        securityChecks:
          type: string
          description: "[Optional] Security Checks that are associated with the POA&M."
          x-faker: random.words
          example: "SV-25123r1_rule,2016-A-0279" 
        recommendations:
          type: string
          description: "[Optional] Include recommendations. Character Limit = 2,000."
          x-faker: random.words
          example: "Recommendations text" 
        relevanceOfThreat:
          type: string
          description: "[Optional] Values include the following options: (Very Low,Low,Moderate,High,Very High)"
          #x-faker: random.word
          example: "Low"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High"             
        likelihood:
          type: string
          description: "[Optional] Values include the following options: (Very Low,Low,Moderate,High,Very High)"
          #x-faker: random.word
          example: "Moderate"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High"             
        impact:
          type: string
          description: "[Optional] Values include the following options: (Very Low,Low,Moderate,High,Very High)"
          #x-faker: random.word
          example: "High"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High"             
        impactDescription:
          type: string
          description: "[Optional] Include description of Security Control’s impact."
          x-faker: random.words
          example: "Impact Description text" 
        residualRiskLevel:
          type: string
          description: "[Optional] Values include the following options: (Very Low,Low,Moderate,High,Very High)"
          #x-faker: random.word
          example: "Very Low"
          enum:
            - "Very Low"
            - "Low"
            - "Moderate"       
            - "High"
            - "Very High"
        milestones:
          type: array
          maxItems: 3
          items:
            $ref: "#/components/schemas/Milestones"
    Milestones:
      title: Milestones
      type: object
      additionalProperties: false       
      properties:
        systemId:
          type: integer
          format: int64          
          description: "[Required] Unique eMASS system identifier."
          #x-faker: random.number
          example: 830
          minimum: 1
          maximum: 3000          
        milestoneId:
          type: integer
          format: int64          
          description: "[Required] Unique item identifier"
          #x-faker: random.number
          example: 19
          minimum: 1
          maximum: 300                      
        poamId:
          type: integer
          format: int64          
          description: "[Required] Unique item identifier"
          #x-faker: random.number
          example: 45
          minimum: 1
          maximum: 300          
        description:
          type: string
          description: "[Optional] Include milestone description."
          x-faker: random.words
          example: "Description text" 
        scheduledCompletionDate:
          type: integer
          format: int64
          description: "[Conditional] Required for ongoing and completed POA&M items. Unix time format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1499644800
          minimum: 1400000000
          maximum: 1600000000            
    PostMilestones:
      title: PostMilestones
      type: object
      additionalProperties: false      
      properties:
        poamId:
          type: integer
          format: int64          
          description: "[Required] Unique item identifier"
          #x-faker: random.number
          example: 45 
          minimum: 1
          maximum: 300                 
        description:
          type: string
          description: "[Optional] Include milestone description."
          x-faker: random.words
          example: "Description text" 
        scheduledCompletionDate:
          type: integer
          format: int64
          description: "[Conditional] Required for ongoing and completed POA&M items. Unix time format."
          #x-faker: random.numnber
          example: 1499644800
          minimum: 1400000000
          maximum: 1600000000             
    PutMilestones:
      title: PutMilestones
      type: object
      additionalProperties: false      
      properties:
        milestoneId:
          type: integer
          format: int64          
          description: "[Required] Unique item identifier"
          #x-faker: random.number
          example: 19
          minimum: 1
          maximum: 300            
        description:
          type: string
          description: "[Optional] Include milestone description."
          x-faker: random.words
          example: "Description text" 
        scheduledCompletionDate:
          type: integer
          format: int64
          description: "[Conditional] Required for ongoing and completed POA&M items. Unix time format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1499644800
          minimum: 1400000000
          maximum: 1600000000            

    Artifacts:
      title: Artifacts
      type: object
      additionalProperties: false      
      properties:
        systemId:
          type: integer
          format: int64          
          description: "[Required] Unique eMASS system identifier."
          #x-faker: random.number
          example: 35
          minimum: 1
          maximum: 3000          
        filename:
          type: string
          description: "[Required] File name should match exactly one file within the provided zip file. 1000 Characters."
          x-faker: system.commonFileName
          example: "AutorizationGuidance.pdf"
        isInherited:
          type: boolean
          description: "[Read-only] Indicates whether an artifact is inherited."
          x-faker: random.boolean          
          example: true
        description:
          type: string
          description: "[Optional] Artifact description. 2000 Characters."
          x-faker: random.words
          example: "Artifact description text"
        isArtifactTemplate:
          type: boolean
          description: "[Read-only] Indicates whether an artifact template."
          x-faker: random.boolean          
          example: false        
        type:
          type: string
          description: "[Required] Values include the following options: (Procedure,Diagram,Policy,Labor,Document,Image,Other,Scan Result)"
          #x-faker: random.word
          example: "Policy"
          enum:
            - "Procedure"
            - "Diagram"
            - "Policy"       
            - "Labor"
            - "Document"
            - "Image"
            - "Other"
            - "Scan Result"
        category:
          type: string
          description: "[Required] Values include the following options: (Implementation Guidance,Evidence). May also accept custom artifact category values set by system administrators."
          #x-faker: random.word
          example: "Change Request"
          enum:
            - "Implementation Guidance"
            - "Evidence"
            - "Change Request"       
        refPageNumber:
          type: string
          description: "[Optional] Artifact reference page number. 50 Characters."
          x-faker: random.words
          example: "Reference page number"
        controls:
          type: string
          pattern: '^[A-Z0-9-]{3,6}'          
          description: "[Optional] Control acronym associated with the artifact. NIST SP 800-53 Revision 4 defined."
          #x-faker: finance.bic
          example: "AC-8,AC-2(4)"
        ccis:
          type: string
          pattern: '^\d{5,6},\d{5,6}'
          description: "[Required] CCI associated with test result."
          #x-faker: random.word
          example: "000001,000002" 
        mimeContentType:
          type: string
          description: "[Read-Only] Standard MIME content type derived from file extension."
          x-faker: system.mimeType
          example: "application/zip" 
        fileSize:
          type: string
          description: "[Read-Only] File size of attached artifact."
          x-faker: random.number
          example: "4MB" 
        artifactExpirationDate:
          type: integer
          format: int64
          description: "[Optional] Date Artifact expires and requires review. In Unix Date format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1549036926 
          minimum: 1400000000
          maximum: 1600000000            
        lastReviewDate:
          type: integer
          format: int64
          description: "[Conditional] Date Artifact was last reviewed.. Unix time format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1549036928
          minimum: 1400000000
          maximum: 1600000000            
    PutArtifacts:
      title: PutArtifacts
      type: object
      additionalProperties: false      
      properties:
        filename:
          type: string
          description: "[Required] File name should match exactly one file within the provided zip file. 1000 Characters."
          x-faker: system.commonFileName
          example: "AutorizationGuidance.pdf"
        description:
          type: string
          description: "[Optional] Artifact description. 2000 Characters."
          x-faker: random.words
          example: "Artifact description text"
        isTemplate:
          type: boolean
          description: "[Read-only] Indicates it is an artifact template."
          x-faker: random.boolean          
          example: false        
        type:
          type: string
          description: "[Required] Values include the following options: (Procedure,Diagram,Policy,Labor,Document,Image,Other,Scan Result)"
          #x-faker: random.word
          example: "Policy"
          enum:
            - "Procedure"
            - "Diagram"
            - "Policy"       
            - "Labor"
            - "Document"
            - "Image"
            - "Other"
            - "Scan Result"          
        category:
          type: string
          description: "[Required] Values include the following options: (Implementation Guidance,Evidence). May also accept custom artifact category values set by system administrators."
          #x-faker: random.word
          example: "Change Request"
          enum:
            - "Implementation Guidance"
            - "Evidence"
            - "Change Request"            
        refPageNumber:
          type: string
          description: "[Optional] Artifact reference page number. 50 Characters."
          x-faker: random.words
          example: "Reference page number"
        controls:
          type: string
          pattern: '^[A-Z0-9-]{3,6}'          
          description: "[Optional] Control acronym associated with the artifact. NIST SP 800-53 Revision 4 defined."
          #x-faker: finance.bic
          example: "AC-8,AC-2(4)"
        ccis:
          type: string
          pattern: '^\d{5,6},\d{5,6}'
          description: "[Required] CCI associated with test result."
          #x-faker: random.word
          example: "000001,000002" 
        artifactExpirationDate:
          type: integer
          format: int64
          description: "[Optional] Date Artifact expires and requires review. In Unix Date format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1549036928
          minimum: 1400000000
          maximum: 1600000000            
        lastReviewDate:
          type: integer
          format: int64
          description: "[Conditional] Date Artifact was last reviewed.. Unix time format."
          #x-faker: time.recent
          #x-faker: random.number
          example: 1549036928
          minimum: 1400000000
          maximum: 1600000000
    DeleteArtifacts:
      title: DeleteArtifacts
      type: array
      maxItems: 4
      items:
        type: object
        additionalProperties: false      
        properties:
          filename:
            type: string
            description: "[Required] File name should match exactly one file within the provided zip file. 1000 Characters."
            x-faker: system.commonFileName
            example: "AutorizationGuidance.pdf"                
    ApprovalCac:
      title: ApprovalCac
      type: object
      additionalProperties: false      
      properties:
        controlAcronyms:
          type: string
          pattern: '^[A-Z0-9-]{3,6}'
          description: "[Read-Only] System acronym name."
          #x-faker: finance.bic
          example: "AC-3"
        complianceStatus:
          type: string
          description: "[Read-only] Compliance of the control."
          #x-faker: random.word
          example: "Compliant" 
          enum:
            - "Compliant"
            - "Not Compliant"
            - "No Status"
        currentRole:
          type: string
          description: "[Read-Only] Current role."
          x-faker: random.word
          example: "SCA-V" 
        currentStep:
          type: integer
          description: "[Read-Only] Current step in the Control Approval Chain."
          example: 1
          minimum: 2
          maximum: 20          
        totalSteps:
          type: integer
          description: "[Read-Only] Total number of steps in Control Approval Chain."
          example: 2
          minimum: 20
          maximum: 45                  
    PostApprovalCac:
      title: PostApprovalCac
      type: object
      additionalProperties: false      
      properties:
        controlAcronyms:
          type: string
          #pattern: '^[A-Z0-9-]{3,6}'
          description: "[Read-Only] System acronym name."
          x-faker: finance.bic
          example: "AC-3"
        comments:
          type: string
          description: "[Conditional] Character Limit = 2,000."
          x-faker: random.words
          example: "Comments text." 
    ApprovalPac:
      title: ApprovalPac
      type: object
      properties:
        type:
          type: string
          description: "[Required] Values include the following:(Assess and Authorize, Assess Only, Security Plan)"
          example: "Assess and Authorize" 
          enum:
            - "Assess and Authorize"
            - "Assess Only"
            - "Security Plan"        
        name:
          type: string
          description: "[Required] Package name. 100 Characters."
          x-faker: random.word
          example: "Package name text" 
        currentRole:
          type: string
          description: "[Read-Only] Current role in active package."
          x-faker: random.word
          example: "SCA-R" 
        currentStep:
          type: integer
          description: "[Read-Only] Current step in the Package Approval Chain."
          example: 4
          minimum: 2
          maximum: 20
        totalSteps:
          type: integer
          description: "[Read-Only] Total number of steps in Package Approval Chain."
          example: 6 
          minimum: 20
          maximum: 45      
    PostApprovalPac:
      title: PostApprovalPac
      type: object
      additionalProperties: false      
      properties:
        type:
          type: string
          description: "[Required] Values include the following:(Assess and Authorize, Assess Only, Security Plan)"
          example: "Assess and Authorize"
          enum:
            - "Assess and Authorize"
            - "Assess Only"
            - "Security Plan"                      
        name:
          type: string
          description: "[Required] Package name. 100 Characters."
          x-faker: random.word
          example: "Package name text" 
        comments:
          type: string
          description: "[Conditional] Character Limit = 2,000."
          x-faker: random.words
          example: "Comments text." 
          
    "200":
      title: OK
      type: object
      additionalProperties: false
      properties:
        code:
          type: integer
          format: int32
          minimum: 200
          maximum: 200
          default: 200
    "400":
      title: BadRequest
      type: object
      additionalProperties: false
      properties:
        code:
          type: integer
          format: int32
          minimum: 400
          maximum: 400
          default: 400
        errorMessage:
          type: string
          default: "Bad Request"
    "401":
      title: "Unauthorized"
      type: string
      example: "Request requires user authentication"
    "404":
      title: "NotFound"
      type: object
      additionalProperties: false
      properties:
        code:
          type: integer
          format: int32
          minimum: 404
          maximum: 404
          default: 404
        errorMessage:
          type: string
          default: "System not available"      
    "480":
      title: "Business Rule Failed"
      type: string
      example: "Business rule is violated that prevents the requested action"
    "490":
      title: "API Rule Failed"
      type: string
      example: "Rule exclusive to the API is violated that prevents the requested action"

    # Schema for error response body
    Error:
      title: "ResponseDefaultError"
      type: object
      properties:
        code:
          type: string
        message:
          type: string
      required:
        - code
        - message
    # Response envelop (SUCCESS):
    #   description: If a request to the eMASS REST API is successful, it will return with a structured JSON response envelope.
    #   type: object
    #   properties:
    #     meta:
    #       type: object
    #       properties:
    #         code:
    #           type: integer
    #           example: 200, 201
    #     data:
    #       type: object
    #     pagination:
    #       type: object
    #       properties:
    #         totalCount:
    #           type: integer
    #           example: 500
    #         totalPages:
    #           type: integer
    #           example: 20
    #         prevPageUrl:
    #           type: string
    #         nextPageUrl:
    #           type: string
    # Response envelop (error):
    #   description: If a request to the eMASS REST API is unsuccessful, it will return an error code and a relevant message where applicable.
    #   type: object
    #   properties:
    #     meta:
    #       type: object
    #       properties:
    #         code:
    #           type: integer
    #           example: |
    #              400, 401, 500
    #              eMASS specific client errors (4xx)
    #              480: Business Rule Failed
    #              490: API Rule Failed
    #         errorMeassage: 
    #          type: string
  # Security schemes
  securitySchemes:
    apikey:
      type: apiKey
      #type: https
      #scheme: basic      
      in: header
      name: api-key
      description: "This API key must be provided in the request header for all endpoint calls. (The dev test server API key is `c1997ce5-57f3-479e-b21e-593657c60552`.)"
    userid:
      type: apiKey
      in: header
      name: user-uid
      description: >
        This User unique identifier key must be provided in the request header for all PUT,
        POST, and DELETE endpoint calls.<br>
        Note: For DoD users this is the DoD ID Number (EIDIPI) on their DoD CAC.
        (If you don't have an API key, use `USER.TEST121.EMASS`.)

#------------------------------------------------------------------------------
# S E C U R I T Y
#------------------------------------------------------------------------------
security:
  - apikey: []  
  - userid: []