{"openapi":"3.1.0","info":{"title":"Tech Risk & Compliance - IT Risk Management","description":"The IT Risk Management API provides comprehensive REST endpoints for managing enterprise security controls, threats, vulnerabilities, and their implementations with OAuth2 security and extensive customization capabilities.","version":"1.0","contact":{"name":"OneTrust Support","url":"https://my-onetrust-com.surrey.idm.oclc.org/s/contactsupport"},"license":{"name":"Apache 2.0","url":"https://www.apache.org/licenses/LICENSE-2.0"}},"servers":[{"url":"https://{hostname}","variables":{"hostname":{"default":"hostname","description":"The OneTrust hostname such as app.onetrust.com, app-eu.onetrust.com, app-de.onetrust.com, app-uk.onetrust.com, app-apac.onetrust.com, trial.onetrust.com, or uat.onetrust.com."}}}],"tags":[{"name":"Control Implementations","description":"APIs to handle control implementation operations including creation, updates, entity associations, attachment management, and comprehensive search across multiple entity types.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Control Implementations"},{"name":"Control Links","description":"APIs to create and manage relationships between controls through bulk linking operations with support for various relationship types and custom parameters.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Control Links"},{"name":"Controls","description":"APIs to manage the complete control lifecycle including creation, updates, deletion, retrieval, and entity type management with framework integration and custom attributes.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Controls"},{"name":"Entity Types","description":"APIs to manage risk entity types and source entity types, including retrieval of enabled entity configurations for risk associations.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Entity Types"},{"name":"Evidence Task Implementations","description":"APIs to manage evidence collection tasks including implementation retrieval, attachment handling (files, links, notes), and comprehensive search with interval-based collection tracking.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Evidence Task Implementations"},{"name":"Risk Actions","description":"APIs to manage risk workflow actions including submissions, approvals, exceptions, and stage transitions within the risk lifecycle.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Risk Actions"},{"name":"Risk Management","description":"APIs to manage risk configurations, scoring settings, categories, and metadata used across the risk management system.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Risk Management"},{"name":"Risk Relationships","description":"APIs to manage relationships between risks and other entities including threats, vulnerabilities, controls, and inventory items.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Risk Relationships"},{"name":"Risk Templates","description":"APIs to manage risk template retrieval operations, enabling users to access detailed risk template information including inherent and target risk levels, associated threats and vulnerabilities, control mappings, risk categories, and custom attribute values for comprehensive risk assessment and management.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Risk Templates"},{"name":"Risks","description":"APIs to manage the complete risk lifecycle including creation, updates, deletion, search, and retrieval of risk details and attributes.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Risks"},{"name":"Threats","description":"APIs to handle threat library operations including threat creation, modification, deletion, and comprehensive search functionality with framework and category support.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Threats"},{"name":"Vulnerabilities","description":"APIs to manage vulnerabilities in the vulnerability library including creation, updates, deletion, and retrieval with support for bulk operations and custom attributes.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"x-displayName":"Vulnerabilities"}],"paths":{"/api/controls/v1/control-implementation-attributes/search":{"post":{"operationId":"findAllControlImplementationsAttributesAndOptionsByUsingPOST","summary":"Search Control Implementation Attributes","description":"Use this API to search for control implementation attributes by key terms and filters.","tags":["Control Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeQueryCriteria"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeInformation"}}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/control-implementations/pages":{"post":{"operationId":"findAllControlImplementationsUsingPOST","summary":"Get List of Control Implementations","description":"Use this API to retrieve a list of all control implementations. The response will include relevant details for each control implementation, including framework and category details and associated attributes.","tags":["Control Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"page","in":"query","description":"Results page to be retrieved (0..N)","schema":{"type":"integer","format":"int32","default":0,"minimum":0},"example":0},{"name":"size","in":"query","description":"Number of records per page","schema":{"type":"integer","format":"int32","default":20,"maximum":2000,"minimum":1},"example":20},{"name":"sort","in":"query","description":"Sorting criteria in the format: property(,asc|desc). Default sort order is ascending","schema":{"type":"string","enum":["number,asc","number,desc","primaryEntityName,asc","primaryEntityName,desc","primaryEntityType,asc","primaryEntityType,desc","controlIdentifier,asc","controlIdentifier,desc","controlName,asc","controlName,desc","frameworkName,asc","frameworkName,desc","categoryName,asc","categoryName,desc","effectiveness,asc","effectiveness,desc","maturityName,asc","maturityName,desc","status,asc","status,desc","createdDate,asc","createdDate,desc","lastModifiedDate,asc","lastModifiedDate,desc"]},"example":"number,asc"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_SearchCriteriaInformation"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_PageControlImplementationDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/control-implementations/{guid}":{"get":{"operationId":"getControlImplementationDetailsUsingGET","summary":"Get Control Implementation","description":"Use this API to retrieve a single control implementation by its unique identifier along with the associated attributes, category, and framework details.","tags":["Control Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"guid","in":"path","description":"ID of the control entity implementation.","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlImplementationDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]},"put":{"operationId":"updateControlImplementationByImplementationIdUsingPUT","summary":"Update Control Implementation","description":"Use this API to update the attributes of a specific control implementation.\n\n> 🗒 Things to Know\n> \n> - The [Update Control](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/updatecontrolusingput_1) API can be used to update the attributes of a control in the Controls Library.","tags":["Control Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"guid","in":"path","description":"ID of the control entity implementation.","required":true,"schema":{"type":"string","format":"uuid"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlImplementationUpdateRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlImplementationDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]},"delete":{"operationId":"removeControlImplementationByEntityAndImplementationIdUsingDELETE","summary":"Delete Control Implementation","description":"Use this API to delete a control implementation from an entity.","tags":["Control Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"entityId","in":"query","description":"ID of the entity. The value can be obtained using [Get List of Control Implementations by Entity](/onetrust/reference/findallcontrolimplementationsusingpost) API.","required":true,"schema":{"type":"string","format":"uuid"}},{"name":"guid","in":"path","description":"ID of the control implementation. The value can be obtained using [Get List of Control Implementations by Entity](/onetrust/reference/findallcontrolimplementationsusingpost) API.","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/control-implementations/{guid}/attachments":{"post":{"operationId":"addAttachmentsToImplementationUsingPOST","summary":"Attach Files to Control Implementation","description":"Use this API to attach a list of files to a specific control implementation.\n\n> 🗒 Things to Know\n> \n> - The files must first be uploaded to the OneTrust application using the [Upload File](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/fileupload) API. The `Id` and `Name` parameter values returned in the [Upload File](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/fileupload) API response are required in the request body for this API.","tags":["Control Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"guid","in":"path","description":"ID of the control implementation. The value can be obtained using [Get List of Control Implementations by Entity](/onetrust/reference/findallcontrolimplementationsusingpost) API.","required":true,"schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ImplementationAttachmentCreateRequest"}}}},"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/controls":{"post":{"operationId":"addControlUsingPOST","summary":"Create Control","description":"Use this API to create a new control in the Controls Library.","tags":["Controls"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlCreateRequestDto"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_IdResponseUUID"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/controls/pages":{"post":{"operationId":"findControlsByCriteriaUsingPOST_1","summary":"Get List of Controls","description":"Use this API to retrieve a list of all controls by key terms and filters. The response will include relevant details for each control, including framework and category details and associated attributes.","tags":["Controls"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"page","in":"query","description":"Results page to be retrieved (0..N)","schema":{"type":"integer","format":"int32","default":0,"minimum":0},"example":0},{"name":"size","in":"query","description":"Number of records per page","schema":{"type":"integer","format":"int32","default":20,"maximum":2000,"minimum":1},"example":20},{"name":"sort","in":"query","description":"Sorting criteria in the format: property(,asc|desc). Default sort order is ascending","schema":{"type":"string","enum":["identifier,asc","identifier,desc","name,asc","name,desc","frameworkName,asc","frameworkName,desc","status,asc","status,desc","categoryName,asc","categoryName,desc","createdDate,asc","createdDate,desc","lastModifiedDate,asc","lastModifiedDate,desc"]},"example":"name,asc"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_SearchCriteriaInformation"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_PageControlDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/controls/{controlId}":{"put":{"operationId":"updateControlUsingPUT_1","summary":"Update Control","description":"Use this API to update the attributes of a specific control in the Controls Library.","tags":["Controls"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"controlId","in":"path","description":"ID of the control. This value is obtained using [Get List of Controls](/onetrust/reference/findcontrolsbycriteriausingpost_1) API.","required":true,"schema":{"type":"string","format":"uuid"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlUpdateRequestDto"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlDetailInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]},"delete":{"operationId":"removeControlUsingDELETE_1","summary":"Delete Control","description":"Use this API to delete an existing control from the Controls Library.","tags":["Controls"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"controlId","in":"path","description":"ID of the control. This value is obrtained using [Get List of Controls](/onetrust/reference/findcontrolsbycriteriausingpost_1) API.","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlRemovalResponse"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/entities/{entityId}/control-implementations/pages":{"post":{"operationId":"findAssociatedControlImplementationsUsingPOST","summary":"Get List of Control Implementations by Entity","description":"Use this API to retrieve a list of all control implementations by entity, such as by assets, processing activities, legal entities, risks, and vendors.","tags":["Control Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"entityId","in":"path","description":"ID of the entity. This value can be obtained using [Get Control Implementation](/onetrust/reference/getcontrolimplementationdetailsusingget) API.","required":true,"schema":{"type":"string","format":"uuid"}},{"name":"page","in":"query","description":"Results page to be retrieved (0..N)","schema":{"type":"integer","format":"int32","default":0,"minimum":0},"example":0},{"name":"size","in":"query","description":"Number of records per page","schema":{"type":"integer","format":"int32","default":20,"maximum":2000,"minimum":1},"example":20},{"name":"sort","in":"query","description":"Sorting criteria in the format: property(,asc|desc). Default sort order is ascending","schema":{"type":"string","enum":["number,asc","number,desc","entityName,asc","entityName,desc","entityType,asc","entityType,desc","controlIdentifier,asc","controlIdentifier,desc","controlName,asc","controlName,desc","frameworkName,asc","frameworkName,desc","categoryName,asc","categoryName,desc","effectiveness,asc","effectiveness,desc","maturityName,asc","maturityName,desc","status,asc","status,desc","primaryEntityName,asc","primaryEntityName,desc","primaryEntityType,asc","primaryEntityType,desc","createdDate,asc","createdDate,desc","lastModifiedDate,asc","lastModifiedDate,desc"]},"example":"number,asc"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_SearchCriteriaInformation"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_PageControlImplementationEntityDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/evidence-task-implementations/pages":{"post":{"operationId":"findAllEvidencesBySearchCriteria_1","summary":"Get List of Evidence Task Implementations","description":"Use this API to retrieve a list of all evidence task implementations by entity, such as by assignee, control, and current interval status. The response will include relevant details for each evidence implementation.","tags":["Evidence Task Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"page","in":"query","description":"Results page to be retrieved (0..N)","schema":{"type":"integer","format":"int32","default":0,"minimum":0},"example":0},{"name":"size","in":"query","description":"Number of records per page","schema":{"type":"integer","format":"int32","default":20,"maximum":2000,"minimum":1},"example":20},{"name":"sort","in":"query","description":"Sorting criteria in the format: property(,asc|desc). Default sort order is ascending","schema":{"type":"string","enum":["number,asc","number,desc","name,asc","name,desc","primaryEntityName,asc","primaryEntityName,desc","primaryEntityType,asc","primaryEntityType,desc","collectionInterval,asc","collectionInterval,desc","collectionStartDate,asc","collectionStartDate,desc","lastCollected,asc","lastCollected,desc","currentIntervalStatus,asc","currentIntervalStatus,desc","currentIntervalStartDate,asc","currentIntervalStartDate,desc","currentIntervalEndDate,asc","currentIntervalEndDate,desc","relatedControls,asc","relatedControls,desc","evidenceTaskType,asc","evidenceTaskType,desc","createdDate,asc","createdDate,desc","lastModifiedDate,asc","lastModifiedDate,desc"]},"example":"name,asc"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_SearchCriteriaInformation"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_PageEvidenceImplementationDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/evidence-task-implementations/{evidenceTaskImplementationId}":{"get":{"operationId":"findEvidenceImplementationsById_1","summary":"Get Evidence Task Implementation","description":"Use this API to retrieve a single evidence implementation by its unique identifier.","tags":["Evidence Task Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"evidenceTaskImplementationId","in":"path","description":"The unique identifier (UUID) of the evidence task implementation.","required":true,"schema":{"type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_EvidenceImplementationDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/evidence-task-implementations/{evidenceTaskImplementationId}/attachments":{"post":{"operationId":"addEvidenceImplementationAttachment","summary":"Add Attachments to Evidence Task Implementation","description":"Use this API to attach files, a note or a link to a specific Evidence Task Implementation.\n\n> 🗒 Things to Know\n>\n> - The files must first be uploaded to the OneTrust application using the [Upload File](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/fileupload) API. The `Id` and `Name` parameter values returned in the [Upload File](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/fileupload) API response are required in the request body for this API.","tags":["Evidence Task Implementations"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"evidenceTaskImplementationId","in":"path","description":"The unique identifier (UUID) of the evidence task implementation.","required":true,"schema":{"type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"description":"Request containing attachment details to be added to the evidence task implementation.","type":"string","oneOf":[{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_EvidenceTaskImplementationAttachmentFileRequest"},{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_EvidenceTaskImplementationAttachmentLinkRequest"},{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_EvidenceTaskImplementationAttachmentNoteRequest"}]}}}},"responses":{"200":{"description":"OK"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/links/bulk":{"post":{"operationId":"bulkCreateLinksUsingPOST","summary":"Link Controls","description":"Use this API to link an existing control to one or multiple related controls in the Controls Library.","tags":["Control Links"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlBulkLinkCreateRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_LinkInformation"}}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v1/threats":{"post":{"operationId":"addThreatUsingPOST_1","summary":"Create Threat","description":"Use this API to create a new threat in the Threat Library.","tags":["Threats"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ThreatCreateRequestDto"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_IdResponseUUID"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]}},"/api/controls/v1/threats/pages":{"post":{"operationId":"findThreatsByCriteriaUsingPOST","summary":"Get List of Threats","description":"Use this API to retrieve a list of all threats by key terms and filters. The response will include details for each threat along with the associated category and framework details and its corresponding status.","tags":["Threats"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"page","in":"query","description":"Results page to be retrieved (0..N)","schema":{"type":"integer","format":"int32","default":0,"minimum":0},"example":0},{"name":"size","in":"query","description":"Number of records per page","schema":{"type":"integer","format":"int32","default":20,"maximum":2000,"minimum":1},"example":20},{"name":"sort","in":"query","description":"Sorting criteria in the format: property(,asc|desc). Default sort order is ascending","schema":{"type":"string","enum":["identifier,asc","identifier,desc","name,asc","name,desc","frameworkName,asc","frameworkName,desc","categoryName,asc","categoryName,desc","status,asc","status,desc","createdDate,asc","createdDate,desc","lastModifiedDate,asc","lastModifiedDate,desc"]},"example":"name,asc"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_SearchCriteriaInformation"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_PageThreatDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]}},"/api/controls/v1/threats/{threatId}":{"delete":{"operationId":"removeThreatUsingDELETE","summary":"Delete Threat","description":"Use this API to delete an existing threat from the Threat Library.","tags":["Threats"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"threatId","in":"path","description":"ID of a threat. The value can be obtained using the [Get List of Threats](/onetrust/reference/findthreatsbycriteriausingpost) API.","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]}},"/api/controls/v1/vulnerabilities":{"post":{"operationId":"addVulnerabilityUsingPOST_1","summary":"Create Vulnerability","description":"Use this API to create a new vulnerability in the Vulnerability Library.","tags":["Vulnerabilities"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_VulnerabilityCreateRequestDto"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_IdResponseUUID"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]}},"/api/controls/v1/vulnerabilities/pages":{"post":{"operationId":"findVulnerabilitiesByCriteriaUsingPOST","summary":"Get List of Vulnerabilities","description":"Use this API to retrieve a list of all vulnerabilities by key terms and filters. The response will include details for each vulnerability along with the associated category and framework details and its corresponding status.","tags":["Vulnerabilities"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"page","in":"query","description":"Results page to be retrieved (0..N)","schema":{"type":"integer","format":"int32","default":0,"minimum":0},"example":0},{"name":"size","in":"query","description":"Number of records per page","schema":{"type":"integer","format":"int32","default":20,"maximum":2000,"minimum":1},"example":20},{"name":"sort","in":"query","description":"Sorting criteria in the format: property(,asc|desc). Default sort order is ascending","schema":{"type":"string","enum":["identifier,asc","identifier,desc","name,asc","name,desc","frameworkName,asc","frameworkName,desc","categoryName,asc","categoryName,desc","status,asc","status,desc","createdDate,asc","createdDate,desc","lastModifiedDate,asc","lastModifiedDate,desc"]},"example":"name,asc"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_SearchCriteriaInformation"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_PageVulnerabilityDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]}},"/api/controls/v1/vulnerabilities/{vulnerabilityId}":{"delete":{"operationId":"removeVulnerabilityUsingDELETE","summary":"Delete Vulnerability","description":"Use this API to delete an existing vulnerability from the Vulnerability Library.","tags":["Vulnerabilities"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"vulnerabilityId","in":"path","description":"ID of the vulnerability. The value can be obtained using the [Get List of Vulnerabilities](/onetrust/reference/findvulnerabilitiesbycriteriausingpost) API.","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]}},"/api/controls/v2/control-entity-types":{"get":{"operationId":"getAllEnabledControlEntityTypesUsingGET","summary":"Get List of Control Entity Source Types","description":"Use this API to retrieve a list of all control entity source types.","tags":["Controls"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlEntityTypeInformation"}}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v2/related/control-entity-types":{"get":{"operationId":"getAllRelatedControlEntityTypesUsingGET","summary":"Get Related Control Entity Types","description":"Use this API to retrieve a list of related control entity types.","tags":["Controls"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlEntityTypeInformation"}}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["CONTROL"]}]}},"/api/controls/v2/threats":{"put":{"operationId":"updateThreatsUsingPUT","summary":"Update Threats","description":"Use this API to update the attributes of threats in the Threat Library.\n\n> 🗒 Things to Know\n>\n> - The [Get List of Threats](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/findthreatsbycriteriausingpost) API can be used to retrieve a list of all existing threats.","tags":["Threats"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"description":"Put request containing a list of threats and attributes to be updated within the threats library.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ThreatUpdateRequest"}}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ThreatDto"}}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]},"post":{"operationId":"addThreatsUsingPOST","summary":"Create Multiple Threats","description":"Use this API to create multiple new threats in the Threat Library.","tags":["Threats"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"description":"Post request containing a list of threats to be added to the threats library.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ThreatCreateRequestDto"}}}}},"responses":{"201":{"description":"Created\n\nReturns a list of added threat identifiers (guid).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_IdResponseListUUID"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]}},"/api/controls/v2/vulnerabilities":{"put":{"operationId":"updateVulnerabilitiesUsingPUT","summary":"Update Vulnerabilities","description":"Use this API to update the attributes of vulnerabilities in the Vulnerability Library.\n\n> 🗒 Things to Know\n>\n> - The [Get List of Vulnerabilities](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/findvulnerabilitiesbycriteriausingpost) API can be used to retrieve a list of all existing vulnerabilities.","tags":["Vulnerabilities"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"description":"Post request containing a list of vulnerabilities and attributes to be updated within the vulnerabilities library.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_VulnerabilityUpdateRequest"}}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_VulnerabilityDto"}}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]},"post":{"operationId":"addVulnerabilitiesUsingPOST","summary":"Create Multiple Vulnerabilities","description":"Use this API to create multiple new vulnerabilities in the Vulnerability Library.","tags":["Vulnerabilities"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"description":"Post request containing a list of vulnerabilities to be added to the vulnerabilities library.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_VulnerabilityCreateRequestDto"}}}}},"responses":{"201":{"description":"Created\n\nReturns a list of added vulnerability identifiers (guid).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_IdResponseListUUID"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-ITRiskManagement_OAUTH2":["ITRM"]}]}},"/api/risk-template/v1/templates/{riskTemplateId}":{"get":{"operationId":"getRiskTemplateUsingGET","summary":"Get Risk Template","description":"Use this API to retrieve the details for the specified risk template.\n\n> 🗒 Things to Know\n>\n> - The `templateId` can be obtained from the OneTrust application URL when accessing the Template Details screen for a risk template.","tags":["Risk Templates"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskTemplateId","in":"path","description":"The unique identifier used to retrieve a specific risk template.","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-RiskTemplate_RiskTemplateInformation"}}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-RiskTemplate_OAUTH2":["INTEGRATION","RISK","RISK_READ"]}]}},"/api/risk/v2/entities/risks/unlink":{"post":{"operationId":"unlinkRisksFromEntityUsingPost","summary":"Unlink Risks","description":"Use this API to disassociate one or more risks from a target entity.\n\n> 🗒 Things to Know\n>\n> - This operation removes the association between the specified risks and the target entity.\n> - The risks themselves are not deleted, only the linkage is removed.\n> - Multiple risks can be unlinked in a single request.","tags":["Risks"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLinkRequest"}}}},"responses":{"200":{"description":"Risks unlinked successfully"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risk-categories":{"get":{"operationId":"getActiveCategoriesUsingGET","summary":"Get List of Risk Categories","description":"Use this API to retrieve a list of all risk categories. The response will include details for each risk category along with the corresponding category ID, name, and description.\n> 🗒 Things to Know\n> \n> - This API will return all active risk categories.\n> - Each category will include its ID, name, and description.","tags":["Risks"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_CategoryInformation"}}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK","RISK_READ"]}]}},"/api/risk/v2/risk-settings/matrix":{"get":{"operationId":"getMatrixScoreSettingUsingGET","summary":"Get Risk Matrix Configuration","description":"Use this API to retrieve the risk score matrix configuration. The response will return risk details for all impact levels, scores, and probability levels.","tags":["Risks"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_MatrixRiskScoreSettingDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}}}},"/api/risk/v2/risk-settings/standard":{"get":{"operationId":"getStandardScoreSettingUsingGET","summary":"Get Standard Risk Configuration","description":"Use this API to retrieve the standard risk score configuration. The response will return all risk levels along with the corresponding ID, name, and minimum and maximum scores.","tags":["Risks"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_StandardRiskScoreSettingDto"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}}}},"/api/risk/v2/risks":{"post":{"operationId":"createRiskUsingPOST","summary":"Create Risk","description":"Use this API to create a new risk in the Risk Register. The response will include details of the created risk.\n> 🗒 Things to Know\n> \n> - This API will create a new risk with the specified details.\n> - The risk will be created in the default state.","tags":["Risks"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskCreateRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/pages":{"post":{"operationId":"getRiskPageViewUsingPOST","summary":"Get List of Risks","description":"Use this API to retrieve a paginated list of risks based on search criteria and sorting options.","tags":["Risks"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"page","in":"query","description":"Results page to be retrieved (0..N)","schema":{"type":"integer","format":"int32","example":0,"default":0,"minimum":0}},{"name":"size","in":"query","description":"Number of records per page (1..50)","schema":{"type":"integer","format":"int32","example":20,"default":20,"maximum":100,"minimum":1}},{"name":"sort","in":"query","description":"Sorting criteria in the format: property(,asc|desc). Default sort order is descending.","schema":{"type":"string","example":"createdDate,desc","default":"createdDate,desc","enum":["number,asc","number,desc","name,asc","name,desc","orgGroupId,asc","orgGroupId,desc","createdDate,asc","createdDate,desc","description,desc","description,asc","controlImplementationCount,desc","controlImplementationCount,asc"]}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskSearchRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_Page"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK","RISK_READ"]}]}},"/api/risk/v2/risks/risk-entity-types":{"get":{"operationId":"getAllEnabledRiskEntityTypesUsingGET","summary":"Get List of Risk Entity Types","description":"Use this API to retrieve a list of all entity types from which a risk can be created.","tags":["Entity Types"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"responses":{"200":{"description":"Successful retrieval of risk entity types","content":{"application/json":{"schema":{"type":"array","$ref":"#/components/schemas/TechRiskCompliance-Risk_EntityTypeInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK","RISK_READ"]}]}},"/api/risk/v2/risks/source-entity-types":{"get":{"operationId":"getAllEnabledSourceEntityTypesUsingGET","summary":"Get List of Risk Entity Source Types","description":"Use this API to retrieve a list of all entity types that can be automatically assigned as the source of a risk.","tags":["Entity Types"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"responses":{"200":{"description":"Successful retrieval of source entity types","content":{"application/json":{}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized","content":{"*/*":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_EntityTypeInformation"}}}}},"403":{"description":"Forbidden","content":{"*/*":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_EntityTypeInformation"}}}}},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK","RISK_READ"]}]}},"/api/risk/v2/risks/upsert":{"put":{"operationId":"createUpdateRiskUsingPUT","summary":"Create or Update Risk","description":"Use this API to create a new risk or update an existing one based on matching attributes. If a risk with matching attributes exists, it will be updated; otherwise, a new risk will be created.","tags":["Risk Management"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"matchAttributes","in":"query","description":"List of attributes to match for upsert operation","required":true,"schema":{"type":"string"},"example":"name"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskCreateRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{id}/assign-stage":{"post":{"operationId":"changeRiskStageUsingPOST","summary":"Update Risk Stage","description":"Use this API to assign a risk to a stage in a workflow.\n> 🗒 Things to Know\n> \n> - This API will move the risk to the specified stage in the workflow.\n> - The risk must be in a valid stage to be moved to the target stage.","tags":["Risk Management"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"id","in":"path","description":"Risk unique Identifier","required":true,"schema":{"type":"string","format":"uuid"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_WorkflowStageNavigationInstructionInformation"}}}},"responses":{"200":{"description":"Risk stage changed successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_WorkflowStageListInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["RISK"]}]}},"/api/risk/v2/risks/{riskEntityType}/{entityId}/risks":{"post":{"operationId":"getLinkedRisksInformationUsingPOST","summary":"Get List of Linked Risks","description":"Use this API to retrieve risks linked to a specific entity type and ID.","tags":["Risks"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"page","in":"query","description":"Results page to be retrieved (0..N)","schema":{"type":"integer","format":"int32","example":0,"default":0,"minimum":0}},{"name":"size","in":"query","description":"Number of records per page (1..50)","schema":{"type":"integer","format":"int32","example":20,"default":20,"maximum":100,"minimum":1}},{"name":"sort","in":"query","description":"Sorting criteria in the format: property(,asc|desc). Default sort order is descending.","schema":{"type":"string","example":"createdDate,desc","default":"createdDate,desc","enum":["number,asc","number,desc","name,asc","name,desc","orgGroupId,asc","orgGroupId,desc","createdDate,asc","createdDate,desc","description,desc","description,asc","controlImplementationCount,desc","controlImplementationCount,asc"]}},{"name":"riskEntityType","in":"path","description":"Type of the risk entity","required":true,"schema":{"type":"string"},"example":"ASSESSMENT"},{"name":"entityId","in":"path","description":"Unique identifier of the entity","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"},{"name":"Pageable information","in":"query","description":"Pagination and sorting parameters","required":true,"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_Pageable"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskSearchRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_Page"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK","RISK_READ"]}]}},"/api/risk/v2/risks/{riskId}":{"get":{"operationId":"getRiskUsingGET","summary":"Get Risk","description":"Use this API to retrieve details of a specific risk by its unique identifier. The response includes comprehensive information about the risk, including its status, owners, approvers, and other attributes.","tags":["Risks"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK","RISK_READ"]}]},"put":{"operationId":"updateRiskUsingPUT","summary":"Update Risk","description":"Use this API to update an existing risk's details. This endpoint allows you to modify various attributes of a risk, including its name, description, owners, approvers, and other properties.","tags":["Risk Management"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk to update","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskUpdateRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]},"delete":{"operationId":"deleteRiskUsingDELETE","summary":"Delete Risk","description":"Use this API to delete an existing risk from the Risk Register.","tags":["Risk Management"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk to delete","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]},"patch":{"operationId":"updateRiskUsingPATCH","summary":"Modify Risk","description":"Use this API to partially modify an existing risk in the Risk Register.\n\n> 🗒 Things to Know\n> \n> - The **Managing organization assignment for risks** setting must be enabled in the OneTrust Platform to pass values for the `orgGroupId` parameter using this API. If this setting is disabled, any values passed for the `orgGroupId` parameter will be ignored. This setting can be found on the **Global Settings > Risk, Controls & Evidence > General** screen.","tags":["Risk Management"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk to patch","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskPatchRequest"}}}},"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/actions/{action}":{"put":{"operationId":"performRiskActionUsingPUT","summary":"Perform Risk Action","description":"> ❗️ End of Support Notification\n> \n> As of October 24, 2025, this API is now deprecated. For more information, see [OneTrust API Sunsetting & Deprecation Guidelines](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/onetrust-api-sunsetting-deprecation-guidelines).\n\nUse this API to perform an action on the specified risk.\n\n> 👍 \n> \n> For more information, see [About Risk Management Workflows](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-ebb5abb3-58f6-0d5e-4ef7-ad7afd3f3b44).","tags":["Risk Actions"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/65b9576864527400108c5f69"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"},{"name":"action","in":"path","description":"Action to perform on the risk","required":true,"schema":{"type":"string","enum":["RISK_CREATED","RECOMMENDATION_ADDED","RECOMMENDATION_REMOVED","RECOMMENDATION_SEND","REMEDIATION_PROPOSED","REMEDIATION_APPROVED","REMEDIATION_REJECTED","REMEDIATION_REMOVED","EXCEPTION_REQUESTED","EXCEPTION_GRANTED","EXCEPTION_REJECTED","EXCEPTION_REMOVED","DEFAULT"]},"example":"RECOMMENDATION_SEND"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/approve":{"put":{"operationId":"approveRiskUsingPUT","summary":"Approve Risk","description":"Use this API to approve the specified risk.","tags":["Risk Actions"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskApproveRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/approvers":{"put":{"operationId":"updateRiskApproversUsingPUT","summary":"Update Risk Approvers","description":"Use this API to update the approvers of a specific risk.\n\nRisks approvers cannot be updated for a risk in the Monitoring stage of default risk workflows.","tags":["Risk Management"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskApproverUpdateRequest"}}}},"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/categories":{"put":{"operationId":"updateRiskCategoriesUsingPUT","summary":"Update Risk Categories","description":"Use this API to update the categories of a specific risk.","tags":["Risk Management"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"description":"List of category IDs to associate with the risk","type":"string","format":"uuid"}}}},"responses":{"201":{"description":"Created"},"202":{"description":"Accepted"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/control-implementations":{"post":{"operationId":"addControlsToRiskUsingPOST","summary":"Add Controls to Risk","description":"Adds control implementations to a risk","tags":["Risk Relationships"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskControlImplementationsRequest"}}}},"responses":{"201":{"description":"Controls added successfully"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/grant-exception":{"put":{"operationId":"grantRiskExceptionUsingPUT","summary":"Grant Risk Exception","description":"Use this API to grant an exception for a risk.","tags":["Risk Actions"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskGrantExceptionRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/owners":{"put":{"operationId":"updateRiskOwnersUsingPUT","summary":"Update Risk Owners","description":"Use this API to update the owners of a specific risk.\n\nRisk owners cannot be updated for a risk in the Monitoring stage of default risk workflows.","tags":["Risk Management"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskOwnerUpdateRequest"}}}},"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/reopen":{"put":{"operationId":"reopenRiskUsingPUT","summary":"Reopen Risk","description":"Use this API to reopen the specified risk.","tags":["Risk Actions"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskReopenRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/request-exception":{"put":{"operationId":"requestRiskExceptionUsingPUT","summary":"Request Risk Exception","description":"Use this API to request an exception for the specified risk.","tags":["Risk Actions"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskExceptionRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/send-back":{"put":{"operationId":"sendBackRiskUsingPUT","summary":"Send Back Risk","description":"Use this API to send back the specified risk to obtain additional information.","tags":["Risk Actions"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskSendBackRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/submit":{"put":{"operationId":"submitRiskUsingPUT","summary":"Submit Risk","description":"Use this API to submit the specified risk for approval.","tags":["Risk Actions"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskSubmitRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskInformation"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}},"/api/risk/v2/risks/{riskId}/threats":{"post":{"operationId":"addThreatToRisk","summary":"Add Threat to Risk","description":"Use this API to add or replace a threat on a risk.\n> 🗒 Things to Know\n> \n> - If a threat was previously assigned to the risk, that threat will be replaced with the new specified threat after calling this API.","tags":["Risk Relationships"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskThreatAddRequest"}}}},"responses":{"201":{"description":"Threat added or replaced successfully"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","ITRM"]}]}},"/api/risk/v2/risks/{riskId}/vulnerabilities":{"post":{"operationId":"addVulnerabilitiesToRisk","summary":"Add Vulnerabilities to Risk","description":"Use this API to add or replace vulnerabilities on a risk.\n> 🗒 Things to Know\n> \n> - If vulnerabilities were previously assigned to the risk, those vulnerabilities will be replaced with the new specified vulnerabilities after calling this API.","tags":["Risk Relationships"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"parameters":[{"name":"riskId","in":"path","description":"Unique identifier of the risk","required":true,"schema":{"type":"string","format":"uuid"},"example":"123e4567-e89b-12d3-a456-426614174000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskVulnerabilityAddRequest"}}}},"responses":{"201":{"description":"Vulnerabilities added or replaced successfully"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","ITRM"]}]}},"/api/risk/v3/risks":{"post":{"operationId":"createStandAloneRiskUsingPOST","summary":"Create Risk","description":"Use this API to create a new risk in the Risk Register. The response will include details of the created risk.\n> 🗒 Things to Know\n>\n> - This API will create a new risk with the specified details.\n> - The risk will be created in the default state.\n> - This is a standalone risk creation endpoint.","tags":["Risks"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-it-risk-management.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"string","format":"uuid"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"TechRiskCompliance-Risk_OAUTH2":["INTEGRATION","RISK"]}]}}},"components":{"schemas":{"TechRiskCompliance-ITRiskManagement_AttributeValueInformation":{"type":"object","properties":{"id":{"description":"Unique identifier for the attribute option","type":"string","format":"uuid","example":"a34ccec7-1ec0-4d65-9075-bdd0d923f1d1"},"value":{"description":"Attribute value","type":"string","example":"Text Value"},"valueKey":{"description":"Translation key used for localizing the value","type":"string","example":"attribute.option.valueKey"},"colorCode":{"description":"Color code associated with the option. Used for score-based attributes.","type":"string","example":"red"},"optionSelectionValue":{"description":"Selection score value linked to the option. Used for score-based or numerical-based attributes.","type":"string","example":"3.5"},"displayLabel":{"description":"Display name for the option, used for external attributes managed by other systems","type":"string","example":"United State | San Francisco"},"disabled":{"description":"Indicates whether this attribute option is currently disabled.","type":"boolean","example":false,"default":"false"}},"required":["value"]},"TechRiskCompliance-ITRiskManagement_CategoryInformation":{"type":"object","properties":{"id":{"description":"Category unique identifier","type":"string","format":"uuid"},"name":{"description":"Category name","type":"string","example":"Financial Category"},"nameKey":{"description":"Category nameKey for localization support","type":"string","example":"IM.FinancialCategoryName"}}},"TechRiskCompliance-ITRiskManagement_FrameworkInformation":{"type":"object","properties":{"id":{"description":"Primary Identifier.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"name":{"description":"Framework Name of Control.","type":"string","example":"ISO 27001"},"nameKey":{"description":"Framework Name key for Translation.","type":"string","example":"framework.key.iso"}}},"TechRiskCompliance-ITRiskManagement_OrganizationInformation":{"type":"object","properties":{"id":{"description":"Primary Identifier.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"name":{"description":"Organization Name.","type":"string","example":"ABC Corp"}}},"TechRiskCompliance-ITRiskManagement_VulnerabilityDto":{"type":"object","properties":{"id":{"description":"Unique system identifier (UUID) for the vulnerability.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"identifier":{"description":"Business identifier for the vulnerability - unique within the organization.","type":"string","example":"VULN-2025-001"},"name":{"description":"Display name of the vulnerability.","type":"string","example":"Cross-Site Scripting (XSS) in Web Application"},"description":{"description":"Detailed description of the vulnerability, including potential impact and affected components.","type":"string","example":"This vulnerability allows attackers to inject malicious client-side scripts into web pages viewed by other users. The vulnerability arises from inadequate validation and sanitization of user input that is subsequently displayed in web pages."},"framework":{"description":"Framework information associated with this vulnerability, including framework identifier and name.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_FrameworkInformation"},"category":{"description":"Category information for classifying this vulnerability, including category identifier and name.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_CategoryInformation"},"orgGroup":{"description":"Organization group information that this vulnerability belongs to.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_OrganizationInformation"},"status":{"description":"Current status of the vulnerability (e.g., Active, Pending, Archived).","type":"string","example":"Active","enum":["Active","Pending","Archived"]},"attributes":{"description":"Custom attributes associated with this vulnerability, organized as a map of attribute names to their values.","type":"object","additionalProperties":{"type":"array","description":"Custom attributes associated with this vulnerability, organized as a map of attribute names to their values.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeValueInformation"}}}},"required":["id","identifier","name","orgGroup"]},"TechRiskCompliance-ITRiskManagement_VulnerabilityUpdateRequest":{"type":"object","properties":{"orgGroupId":{"description":"Organization group identifier that this vulnerability belongs to.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"identifier":{"description":"Unique business identifier for the vulnerability - must be unique within the organization.","type":"string","example":"VULN-2025-001","maxLength":50,"minLength":1},"name":{"description":"Name of the vulnerability.","type":"string","example":"Cross-Site Scripting (XSS) in Web Application","maxLength":500,"minLength":1},"description":{"description":"Detailed description of the vulnerability.","type":"string","example":"This vulnerability allows attackers to inject malicious client-side scripts into web pages viewed by other users. The vulnerability arises from inadequate validation and sanitization of user input that is subsequently displayed in web pages.","maxLength":4000,"minLength":0},"framework":{"description":"Framework information associated with this vulnerability.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_FrameworkInformation"},"category":{"description":"Category information for classifying this vulnerability.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_CategoryInformation"},"status":{"description":"Current status of the vulnerability.","type":"string","example":"Active","enum":["Active","Pending","Archived"]},"id":{"description":"Unique system identifier (UUID) of the vulnerability to update.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"attributes":{"description":"Custom attributes associated with this vulnerability, organized as a map of attribute names to their values.","type":"object","additionalProperties":{"type":"array","description":"Custom attributes associated with this vulnerability, organized as a map of attribute names to their values.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeValueInformation"}}}},"required":["id","identifier","name","orgGroupId"]},"TechRiskCompliance-ITRiskManagement_ThreatDto":{"type":"object","properties":{"id":{"description":"Primary Identifier of Threat.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"identifier":{"description":"String Identifier of Threat.","type":"string","example":"THREAT-2025-001"},"name":{"description":"Threat Name.","type":"string","example":"Data Exfiltration Through Insecure Communication Channels"},"description":{"description":"Threat Description.","type":"string","example":"This threat involves the unauthorized transfer of data from a device or network to an external destination through insecure channels. Attackers may exploit weak encryption, unpatched vulnerabilities, or misconfigured systems to extract sensitive information."},"framework":{"description":"Framework information associated with this threat, including framework identifier and name.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_FrameworkInformation"},"category":{"description":"Category information for classifying this threat, including category identifier and name.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_CategoryInformation"},"orgGroup":{"description":"Organization group information that this threat belongs to.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_OrganizationInformation"},"status":{"description":"Threat Status.","type":"string","example":"Active","enum":["Active","Pending","Archived"]},"attributes":{"description":"Custom attributes associated with this threat, organized as a map of attribute names to their values.","type":"object","additionalProperties":{"type":"array","description":"Custom attributes associated with this threat, organized as a map of attribute names to their values.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeValueInformation"}}}},"required":["id","identifier","name","orgGroup"]},"TechRiskCompliance-ITRiskManagement_ThreatUpdateRequest":{"type":"object","properties":{"orgGroupId":{"description":"Organization Group Identifier of Threat.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"identifier":{"description":"String Identifier of Threat.","type":"string","example":"THREAT-2025-001","maxLength":50,"minLength":1},"name":{"description":"Threat Name.","type":"string","example":"Data Exfiltration Through Insecure Communication Channels","maxLength":500,"minLength":1},"description":{"description":"Description of the Threat.","type":"string","example":"This threat involves the unauthorized transfer of data from a device or network to an external destination through insecure channels.","maxLength":4000,"minLength":0},"framework":{"description":"Framework information associated with this threat.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_FrameworkInformation"},"category":{"description":"Category information for classifying this threat.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_CategoryInformation"},"status":{"description":"Threat Status.","type":"string","example":"Active","enum":["Active","Pending","Archived"]},"id":{"description":"Unique system identifier (UUID) of the threat to update.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"attributes":{"description":"Custom attributes associated with this threat, organized as a map of attribute names to their values.","type":"object","additionalProperties":{"type":"array","description":"Custom attributes associated with this threat, organized as a map of attribute names to their values.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeValueInformation"}}}},"required":["id","identifier","name","orgGroupId"]},"TechRiskCompliance-ITRiskManagement_ControlAttributeValueInformation":{"type":"object","properties":{"id":{"description":"Attribute option GUID.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"value":{"description":"Attribute option value.","type":"string","example":"Text value"},"valueKey":{"description":"Identifier used for translation of an attribute's option value.","type":"string","example":"attribute.option.valueKey"}}},"TechRiskCompliance-ITRiskManagement_ControlDetailInformation":{"type":"object","properties":{"id":{"description":"The identifier of the control.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"identifier":{"description":"The identifier of the control.","type":"string","example":"A.5.1.1"},"name":{"description":"The name of the control.","type":"string","example":"Control Name"},"description":{"description":"Description of the control.","type":"string","example":"Test Controls for Privacy"},"orgGroupId":{"description":"The identifier of the organization the master control is linked to. In general, this is the top organization in the organization hierarchy.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"orgGroupName":{"description":"Organization Group Name of Control.","type":"string","example":"ABC Corp"},"frameworkId":{"description":"Identifier (GUID) of the framework on the control.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"frameworkName":{"description":"Framework Name of Control.","type":"string","example":"ISO/IEC 27017"},"frameworkNameKey":{"description":"Framework Name key for Translation.","type":"string","example":"framework.key.iso"},"categoryId":{"description":"Identifier (GUID) of the category on the control.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"categoryName":{"description":"Name of the category on the control.","type":"string","example":"Privacy"},"categoryNameKey":{"description":"Identifier used for translation of Category Name.","type":"string","example":"ControlName"},"seedControlId":{"description":"The identifier of control that was seeded to the Master Control.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"otControlIdentifier":{"description":"Unique OT identifier of Control.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174001"},"status":{"description":"The new status of the control. This can be Active, Archived, or Pending.","type":"string","example":"Active","enum":["Active","Archived","Pending"]},"attributes":{"description":"Custom attributes for the control. These attributes are custom to the tenant.","type":"object","additionalProperties":{"type":"array","description":"Custom attributes for the control. These attributes are custom to the tenant.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlAttributeValueInformation"}}},"implementationGuidance":{"description":"Implementation guidance of the control requirement.","type":"string","example":"Implementation guidance of the control requirement."},"licensedContentMissing":{"description":"Flag which identify if any licensed content is missing and should obtain the license validation to view all content.","type":"boolean","example":false},"contentVersion":{"description":"Indicates the content version of this record.","type":"string","example":"1.0"}},"required":["id","identifier","name","orgGroupId","orgGroupName"]},"TechRiskCompliance-ITRiskManagement_ControlUpdateRequestDto":{"type":"object","properties":{"identifier":{"description":"The identifier of the control.","type":"string","example":"A.1.1","maxLength":50,"minLength":1},"name":{"description":"The name of the control.","type":"string","example":"Control ABC","maxLength":300,"minLength":1},"orgGroupId":{"description":"The identifier of the organization the master control is linked to. In general, this is top organization in the org hierarchy.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"description":{"description":"Description of the control.","type":"string","example":"Testing Control","maxLength":3000,"minLength":0},"recommendation":{"description":"The recommendation status of this control based on Athena logic.","type":"string","example":"Recommended","maxLength":500,"minLength":0},"frameworkId":{"description":"Identifier of the framework the control is tied to.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"frameworkName":{"description":"Name of the framework the control is tied to.","type":"string","example":"NIST","maxLength":500,"minLength":0},"frameworkNameKey":{"description":"Identifier used for translation of Framework Name.","type":"string","example":"framework.NIST","maxLength":500,"minLength":0},"status":{"description":"The new status of the control. This can be Active, Archived, or Pending.","type":"string","example":"Active","enum":["Active","Archived","Pending"]},"categoryId":{"description":"The identifier of the category tied to the control. Optional if no category is needed or if category name is provided.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"categoryName":{"description":"The name of the category tied to the control. Optional if category Id is provided.","type":"string","example":"Access Control","maxLength":500,"minLength":0},"categoryNameKey":{"description":"Identifier used for translation of category name. Optional if category Id is provided.","type":"string","example":"category.AccessControl","maxLength":500,"minLength":0},"attributes":{"description":"Custom Attributes","type":"object","additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeValueInformation"}}},"implementationGuidance":{"description":"Implementation guidance of control.","type":"string","example":"Testing Control"},"scopeId":{"description":"The identifier of the scope associated with this control.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"justificationIds":{"description":"Set of justification identifiers explaining why this control is included in the framework.","type":"array","items":{"type":"string","format":"uuid","description":"Set of justification identifiers explaining why this control is included in the framework."},"example":["123e4567-e89b-12d3-a456-426614174001","123e4567-e89b-12d3-a456-426614174002"],"uniqueItems":true}},"required":["identifier","name","orgGroupId"]},"TechRiskCompliance-ITRiskManagement_BasicDetails":{"type":"object","properties":{"id":{"description":"Identifier (GUID) of the entity.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"name":{"description":"Name of the entity.","type":"string","example":"Entity Name"},"nameKey":{"description":"Name Key of the entity.","type":"string","example":"EntityNameKey"}}},"TechRiskCompliance-ITRiskManagement_BasicEntityReference":{"type":"object","properties":{"id":{"description":"Identifier of the entity (UUID).","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"name":{"description":"The name of the entity.","type":"string","example":"Entity Name"},"nameKey":{"description":"Name of the entity used for translation.","type":"string","example":"EntityName"}},"required":["id","name"]},"TechRiskCompliance-ITRiskManagement_ControlEntityInformation":{"type":"object","properties":{"id":{"description":"The identifier (GUID) of the related entity.","type":"string","format":"uuid","example":"1ab2fff0-cb80-b560-99a1-4a3b527f61f5"},"name":{"description":"The name of the entity.","type":"string","example":"Asset 305"},"type":{"description":"The type of the related entity.","type":"string","example":"Risks","enum":["Risks","Assets","ProcessingActivities","Vendors","Entities"]},"controlEntityType":{"description":"The type of the related entity.","example":{"id":"Risks"},"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlEntityTypeInformation"},"organizationId":{"description":"The identifier (GUID) of the organization which contains the entity.","type":"string","format":"uuid","example":"1ab2fff0-cb80-b560-99a1-4a3b527f61f5"},"softInherited":{"description":"Indicates if this control is soft-inherited or not.","type":"boolean","example":false},"relationshipLabel":{"description":"The RelationshipType to the control entity.","type":"string","example":"IMPLEMENTED_ON","enum":["IMPLEMENTED_ON","MITIGATES","LEVERAGED_BY","INCLUDED_IN","RELATED_TO"]},"isPrimary":{"description":"Indicates if entity is primary.","type":"boolean","example":true}},"required":["controlEntityType","id","name","type"]},"TechRiskCompliance-ITRiskManagement_ControlEntityTypeInformation":{"type":"object","properties":{"id":{"description":"ID of the entity type. This can be Assets, Entities, Custom Object GUID in the form of String.","type":"string","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"label":{"description":"Name of the EntityType.","type":"string","example":"Assets"},"translationKey":{"description":"Translation Key of EntityType ID.","type":"string","example":"Assets"},"moduleName":{"description":"Module Name of EntityType.","type":"string","example":"DataMapping"},"seeded":{"description":"The parameter is true for Base Entity Type and false for Custom Object/Entity Types by default.","type":"boolean","example":true}},"required":["id"]},"TechRiskCompliance-ITRiskManagement_ControlExtInformation":{"type":"object","properties":{"id":{"description":"The identifier of the control.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"identifier":{"description":"The identifier of the control.","type":"string","example":"A.5.1.1"},"name":{"description":"The name of the control.","type":"string","example":"Control Name"},"description":{"description":"Description of the control.","type":"string","example":"Test Controls for Privacy"},"orgGroupId":{"description":"The identifier of the organization the master control is linked to. In general, this is the top organization in the organization hierarchy.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"orgGroupName":{"description":"Organization Group Name of Control.","type":"string","example":"ABC Corp"},"frameworkId":{"description":"Identifier (GUID) of the framework on the control.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"categoryId":{"description":"Identifier (GUID) of the category on the control.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"categoryName":{"description":"Name of the category on the control.","type":"string","example":"Privacy"},"categoryNameKey":{"description":"Identifier used for translation of Category Name.","type":"string","example":"ControlName"},"frameworkName":{"description":"Name of the framework of the control.","type":"string","example":"Framework 123"},"attributes":{"description":"Custom attributes for the control. These attributes are custom to the tenant.","type":"object","additionalProperties":{"type":"array","description":"Custom attributes for the control. These attributes are custom to the tenant.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlAttributeValueInformation"}}},"implementationGuidance":{"description":"Implementation guidance of the control requirement.","type":"string","example":"Implementation guidance of the control requirement."}},"required":["id","identifier","name","orgGroupId","orgGroupName"]},"TechRiskCompliance-ITRiskManagement_ControlImplementationDto":{"type":"object","properties":{"id":{"description":"GUID of Control Implementation.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"number":{"description":"Numeric identifier for Control Implementation.","type":"integer","format":"int32","example":123},"organizationId":{"description":"The identifier (GUID) of the organization implementation.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"orgGroupName":{"description":"Organization name with which control implementation is created.","type":"string","example":"Organization1"},"primaryEntity":{"description":"Entity Details of the primary implementor.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlEntityInformation"},"control":{"description":"Implemented Control Details.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlExtInformation"},"status":{"description":"The status of the control.","type":"string","example":"Implemented","enum":["Pending","Implemented","NotDoing","Suggested"],"deprecated":true},"suggestion":{"description":"The suggestion status of the control. Used by Athena.","type":"string","example":"Suggested","enum":["Suggested","Accepted","Rejected"]},"effectiveness":{"description":"The effectiveness of the control.","type":"string","example":"Effective","enum":["Effective","Ineffective","Planned"],"deprecated":true},"effectivenessInfo":{"description":"Effectiveness details","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"},"note":{"description":"Notes used for the control. This is free text to contain any additional details which may be needed.","type":"string","example":"Testing control value"},"deadline":{"description":"The deadline for the control.","type":"string","format":"date","example":"2020-11-05"},"maturity":{"description":"Maturity Details.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"},"statusInfo":{"description":"Status Details.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"},"owner":{"description":"Implemented Control Owner.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference","deprecated":true},"owners":{"description":"List of Implemented Control Owners.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"}},"approvers":{"description":"List of Implemented Control approvers.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"}},"createdBy":{"description":"The user or operation the control was created by.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"createDt":{"description":"The date on which the control implementation was created.","type":"string","format":"date-time","example":"2020-11-05T22:01:21.200+00:00"},"lastModifiedBy":{"description":"The user or process the control was last modified by (GUID).","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174001"},"lastModifiedDate":{"description":"The date the control was last modified.","type":"string","format":"date-time","example":"2020-11-05T22:01:21.200+00:0"},"controlObjectivesCount":{"description":"count of total control objectives linked.","type":"integer","format":"int64","example":4},"attributes":{"description":"Implemented Custom Attributes.","type":"object","additionalProperties":{"type":"array","description":"Implemented Custom Attributes.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlAttributeValueInformation"}}},"entityLinks":{"description":"Entity Details of the implementation links.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlEntityInformation"}},"workflow":{"description":"Control Implementation workflow basic details.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicDetails"},"workflowStage":{"description":"Control Implementation workflow stage basic details.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_WorkflowStageBasicDetails"},"deleteType":{"description":"Control implementation delete type.","type":"string","example":"SOFT","enum":["SOFT"]},"controlImplementationName":{"description":"Control Implementation Name of the implemented control.","type":"string","example":"Control Implementation name"},"controlImplementationDescription":{"description":"Control Implementation Description of the implemented control.","type":"string","example":"Control Implementation Description"},"controlImplementationGuidance":{"description":"Control Implementation Guidance of the implemented control.","type":"string","example":"Control Implementation Guidance"},"controlImplementationCategoryId":{"description":"Control Implementation Category of the implemented control.","type":"string","format":"uuid","example":"Control Implementation Category Id"},"controlImplementationCategoryName":{"description":"Control Implementation Category Name of the implemented control.","type":"string","example":"Control Category Name"},"controlImplementationCategoryNameKey":{"description":"Control Implementation Name of the implemented control.","type":"string","example":"Control Category Name Key"},"controlImplementationOrigin":{"description":"Control Implementation Origin of the implemented control.","type":"string","example":"Control Implementation Origin"},"externalImplementationURL":{"description":"External ImplementationURL of the implemented control.","type":"string","example":"Control Implementation Link"},"externalControlImplementation":{"description":"is this an external control implementation.","type":"boolean","example":true},"duplicateEvidenceTaskImplPresent":{"description":"Duplicate evidence task implementation present.","type":"boolean","example":true},"hasMoreThanOneInvLinks":{"description":"Implementation has more than one inventory links.","type":"boolean","example":true},"inventoriesCount":{"description":"Related inventories count.","type":"integer","format":"int64","example":3},"risksCount":{"description":"Related risks count.","type":"integer","format":"int64","example":1}},"required":["control","id","number","orgGroupName","organizationId","primaryEntity","status"]},"TechRiskCompliance-ITRiskManagement_StageApproverBasicDetails":{"type":"object","properties":{"id":{"description":"stage approver id.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174003"},"firstName":{"description":"stage approver first name.","type":"string","example":"John"},"lastName":{"description":"stage approver last name.","type":"string","example":"Doe"},"approvedTimeStamp":{"description":"approved time.","type":"string","format":"date-time","example":"2020-11-05T22:01:21.200+00:00"},"status":{"description":"stage approved status.","type":"string","example":"approved"}}},"TechRiskCompliance-ITRiskManagement_WorkflowStageBasicDetails":{"type":"object","properties":{"id":{"description":"Identifier (GUID) of the entity.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"name":{"description":"Name of the entity.","type":"string","example":"Entity Name"},"nameKey":{"description":"Name Key of the entity.","type":"string","example":"EntityNameKey"},"currentStageApprovers":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_StageApproverBasicDetails"},"uniqueItems":true}}},"TechRiskCompliance-ITRiskManagement_BasicDetail":{"type":"object","properties":{"id":{"description":"Identifier (GUID)","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"name":{"description":"Name","type":"string","example":"Entity Name"}}},"TechRiskCompliance-ITRiskManagement_ControlImplementationUpdateRequest":{"type":"object","properties":{"status":{"description":"New status of implemented control.","type":"string","example":"Pending","enum":["Pending","Implemented","NotDoing","Retired"],"deprecated":true},"effectiveness":{"description":"Effectiveness of implemented control.","type":"string","example":"Ineffective","enum":["Effective","Ineffective","Planned"],"deprecated":true},"effectivenessId":{"description":"Identifier of the effectiveness associated with control implementation.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174123"},"note":{"description":"Notes on implemented control.","type":"string","example":"Testing Control"},"deadline":{"description":"Deadline associated with the control implementation. Format (yyyy-MM-dd).","type":"string","format":"date","example":"2019-01-01"},"controlOwnerId":{"description":"Identifier (UUID) of the owner of control implementation.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000","deprecated":true},"maturityId":{"description":"Identifier of the maturity associated with control implementation.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"statusId":{"description":"Identifier of the control implementation Status.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"attributes":{"description":"Custom Attributes of control implementation.","type":"object","example":{"attributeTextValue.value1":[{"id":"4e9ac165-7304-4c6e-a207-d32f22f4808b","value":"2020-11-12","valueKey":"OneTrustApp.CONTROLS.Control.Attributes.866e5e2d-916f-4ab7-b16f-448c9b44e815"}]},"additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlAttributeValueInformation"}}},"controlOwnerIds":{"description":"List of Identifier (UUID) of the owners of control implementation.","type":"array","items":{"type":"string","format":"uuid"},"example":["123e4567-e89b-12d3-a456-426614174000","456a4567-e89b-12d3-123e-426614174001","123e4567-e89b-12d3-a456-426614174002"]},"controlApproverIds":{"description":"List of Identifier (UUID) of the approver of control implementation.","type":"array","items":{"type":"string","format":"uuid"},"example":["123e4567-e89b-12d3-a456-426614174000","456a4567-e89b-12d3-123e-426614174001","123e4567-e89b-12d3-a456-426614174002"]},"implementationCategoryId":{"description":"The identifier of the category tied to the control Implementation. Optional if no category needed or if category name provided.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"implementationDescription":{"description":"Description of the control implementation.","type":"string","example":"Testing Control Implementation","maxLength":3000,"minLength":0},"implementationGuidance":{"description":"Implementation Guidance of the control Implementation.","type":"string","example":"Testing Control guidance"},"implementationName":{"description":"The name of the control Implementation.","type":"string","example":"Control Implementation","maxLength":300,"minLength":0},"controlOwners":{"description":"List of owners of control implementation.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicDetail"},"example":[{"id":"123e4567-e89b-12d3-a456-426614174000","name":"User1"}]},"implementationCategoryName":{"description":"The name of the category tied to the control Implementation.","type":"string","example":"Implementation Custom Category"}},"required":["status"]},"TechRiskCompliance-ITRiskManagement_IdResponseListUUID":{"type":"object"},"TechRiskCompliance-ITRiskManagement_VulnerabilityCreateRequestDto":{"type":"object","properties":{"orgGroupId":{"description":"Organization group identifier that this vulnerability belongs to.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"identifier":{"description":"Unique business identifier for the vulnerability - must be unique within the organization.","type":"string","example":"VULN-2025-001","maxLength":50,"minLength":1},"name":{"description":"Name of the vulnerability.","type":"string","example":"Cross-Site Scripting (XSS) in Web Application","maxLength":500,"minLength":1},"description":{"description":"Detailed description of the vulnerability.","type":"string","example":"This vulnerability allows attackers to inject malicious client-side scripts into web pages viewed by other users. The vulnerability arises from inadequate validation and sanitization of user input that is subsequently displayed in web pages.","maxLength":4000,"minLength":0},"framework":{"description":"Framework information associated with this vulnerability.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_FrameworkInformation"},"category":{"description":"Category information for classifying this vulnerability.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_CategoryInformation"},"status":{"description":"Current status of the vulnerability.","type":"string","example":"Active","enum":["Active","Pending","Archived"]},"attributes":{"description":"Custom attributes associated with this vulnerability, organized as a map of attribute names to their values.","type":"object","additionalProperties":{"type":"array","description":"Custom attributes associated with this vulnerability, organized as a map of attribute names to their values.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeValueInformation"}}}},"required":["identifier","name","orgGroupId"]},"TechRiskCompliance-ITRiskManagement_ThreatCreateRequestDto":{"type":"object","properties":{"orgGroupId":{"description":"Organization Group Identifier of Threat.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"identifier":{"description":"String Identifier of Threat.","type":"string","example":"THREAT-2025-001","maxLength":50,"minLength":1},"name":{"description":"Threat Name.","type":"string","example":"Data Exfiltration Through Insecure Communication Channels","maxLength":500,"minLength":1},"description":{"description":"Description of the Threat.","type":"string","example":"This threat involves the unauthorized transfer of data from a device or network to an external destination through insecure channels.","maxLength":4000,"minLength":0},"framework":{"description":"Framework information associated with this threat.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_FrameworkInformation"},"category":{"description":"Category information for classifying this threat.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_CategoryInformation"},"status":{"description":"Threat Status.","type":"string","example":"Active","enum":["Active","Pending","Archived"]},"attributes":{"description":"Custom attributes associated with this threat, organized as a map of attribute names to their values.","type":"object","additionalProperties":{"type":"array","description":"Custom attributes associated with this threat, organized as a map of attribute names to their values.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeValueInformation"}}}},"required":["identifier","name","orgGroupId"]},"TechRiskCompliance-ITRiskManagement_IdResponseUUID":{"type":"object","properties":{"id":{"description":"Primary identifier of the created or updated entity, typically a UUID.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"}},"required":["id"]},"TechRiskCompliance-ITRiskManagement_PageVulnerabilityDto":{"type":"object","properties":{"content":{"description":"The list of items for the current page.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_VulnerabilityDto"},"type":"array"},"empty":{"description":"The flag to check if the entity is empty or not.","type":"boolean","example":false},"first":{"description":"The flag to check if the entity is first entity or not.","type":"boolean","example":true},"last":{"description":"The flag to check if the entity is last entity or not.","type":"boolean","example":false},"number":{"description":"The number associated with the result.","type":"integer","format":"int32","example":0},"numberOfElements":{"description":"Total number of elements in the result.","type":"integer","format":"int32","example":20},"pageable":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Pageable"},"sort":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Sort"},"totalPages":{"description":"Total number of pages in the result list.","type":"integer","format":"int32","example":5},"totalElements":{"description":"Total number of elements in the result.","type":"integer","format":"int64","example":50},"size":{"description":"Size of the result list.","type":"integer","format":"int32","example":20}}},"TechRiskCompliance-ITRiskManagement_Pageable":{"type":"object","title":"Pageable"},"TechRiskCompliance-ITRiskManagement_Sort":{"type":"object","title":"Sort"},"TechRiskCompliance-ITRiskManagement_FilterInformation":{"type":"object","properties":{"field":{"description":"Field to search on.","type":"string","example":"lastCollected"},"operator":{"description":"Operator for search.","type":"string","example":"GREATER_THAN","enum":["EQUAL_TO","NOT_EQUAL_TO","BETWEEN","GREATER_THAN","LESS_THAN"]},"value":{"description":"The field value used to filter results. If filtering for a range of values, this would be the start of the range and should be used in conjunction with the `toValue` parameter. \nExamples by type: UUID = 'e68d49c4-f11f-4cd9-8f1b-0be8ef945b8f', LocalDate = '2023-01-01', OffsetDateTime = '2023-01-01T00:00:00Z', String = 'Closed', Number = 7.","type":"object","example":"2020-11-10","oneOf":[{"type":"string","format":"uuid"},{"type":"string","format":"date"},{"type":"string","format":"date-time"},{"type":"string"},{"type":"number"}]},"toValue":{"description":"The field value for the end of the range. This field should be used in conjunction with the `value` parameter. \nExamples by type: LocalDate = '2023-01-01', OffsetDateTime = '2023-01-01T00:00:00Z', String = 'Closed', Number = 7.","type":"object","oneOf":[{"type":"string","format":"date"},{"type":"string","format":"date-time"},{"type":"string"},{"type":"number"}]}},"required":["field","value"]},"TechRiskCompliance-ITRiskManagement_SearchCriteriaInformation":{"type":"object","properties":{"filters":{"description":"Filters used in search.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_FilterInformation"},"uniqueItems":true},"fullText":{"description":"Full text search terms.","type":"string","example":"firewall"},"excludeTotalRecordsCount":{"type":"boolean"}}},"TechRiskCompliance-ITRiskManagement_PageThreatDto":{"type":"object","properties":{"content":{"description":"The list of items for the current page.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ThreatDto"},"type":"array"},"empty":{"description":"The flag to check if the entity is empty or not.","type":"boolean","example":false},"first":{"description":"The flag to check if the entity is first entity or not.","type":"boolean","example":true},"last":{"description":"The flag to check if the entity is last entity or not.","type":"boolean","example":false},"number":{"description":"The number associated with the result.","type":"integer","format":"int32","example":0},"numberOfElements":{"description":"Total number of elements in the result.","type":"integer","format":"int32","example":20},"pageable":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Pageable"},"sort":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Sort"},"totalPages":{"description":"Total number of pages in the result list.","type":"integer","format":"int32","example":5},"totalElements":{"description":"Total number of elements in the result.","type":"integer","format":"int64","example":50},"size":{"description":"Size of the result list.","type":"integer","format":"int32","example":20}}},"TechRiskCompliance-ITRiskManagement_LinkInformation":{"type":"object","properties":{"id":{"description":"Link Information Identifier","type":"string","format":"uuid"},"sourceId":{"description":"Link Information Source Identifier","type":"string","format":"uuid"},"sourceType":{"description":"Link Information Source Type","type":"string"},"destinationId":{"description":"Link Information Destination Identifier","type":"string","format":"uuid"},"destinationType":{"description":"Link Information Destination Type","type":"string"},"destinationName":{"description":"Link Information Destination Name","type":"string"},"destinationOrgGroupId":{"description":"Link Information Destination Organization Group Identifier","type":"string","format":"uuid"},"linkType":{"description":"Link Information Link Type Information","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_LinkTypeInformation"}}},"TechRiskCompliance-ITRiskManagement_LinkTypeInformation":{"type":"object","properties":{"id":{"description":"Link Type Information Identifier","type":"string","format":"uuid"},"name":{"description":"Link Type Information Name","type":"string"},"nameKey":{"description":"Link Type Information Name Key used for translation","type":"string"}}},"TechRiskCompliance-ITRiskManagement_ControlBulkLinkCreateRequest":{"type":"object","properties":{"source":{"description":"Source linkable.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_LinkableEntity"},"destinations":{"description":"Destination linkable(s). At least one destination should be provided","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_LinkableEntity"},"maxItems":2147483647,"minItems":1,"minLength":1,"uniqueItems":true},"linkTypeNameKey":{"description":"Specifies the relationship type key","type":"string","example":"RelatedControl","minLength":1},"parameters":{"description":"Custom Parameters for domain specific processing","additionalProperties":{"type":"object"},"type":"object"}},"required":["destinations","linkTypeNameKey","source"]},"TechRiskCompliance-ITRiskManagement_LinkableEntity":{"type":"object","properties":{"id":{"description":"Linkable Entity Identifier","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"type":{"description":"Linkable Entity Type","type":"string","example":"Control","minLength":1},"name":{"description":"Linkable Entity Name","type":"string","example":"Information security policy"},"orgGroupId":{"description":"Linkable Entity Organization Group Identifier","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5pe3"}},"required":["id"]},"TechRiskCompliance-ITRiskManagement_EvidenceTaskImplementationAttachmentFileRequest":{"type":"object","properties":{"collectionDate":{"description":"The date that the attachment was collected.","type":"string","format":"date","example":"2021-01-01"},"documentType":{"description":"The type of attachment.","type":"string","example":"FILE","enum":["FILE","NOTE","LINK"]},"evidenceTaskImplementationDocumentRequests":{"description":"The list of files to attach.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_EvidenceTaskImplementationDocumentRequest"},"minItems":1}},"required":["collectionDate","documentType","evidenceTaskImplementationDocumentRequests"]},"TechRiskCompliance-ITRiskManagement_EvidenceTaskImplementationDocumentRequest":{"type":"object","properties":{"attachmentId":{"description":"The unique identifier of the attachment.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"name":{"description":"The name of the attachment.","type":"string","example":"Attachment Name"}},"required":["attachmentId","name"]},"TechRiskCompliance-ITRiskManagement_EvidenceTaskImplementationAttachmentLinkRequest":{"type":"object","properties":{"collectionDate":{"description":"The date that the attachment was collected.","type":"string","format":"date","example":"2021-01-01"},"documentType":{"description":"The type of attachment.","type":"string","example":"FILE","enum":["FILE","NOTE","LINK"]},"url":{"description":"The URL to attach.","type":"string","format":"url","example":"https://example.com/link"},"description":{"description":"The description of the URL.","type":"string","example":"Link Description"},"name":{"description":"The name of the attachment.","type":"string","example":"Attachment Name"}},"required":["collectionDate","description","documentType","name","url"]},"TechRiskCompliance-ITRiskManagement_EvidenceTaskImplementationAttachmentNoteRequest":{"type":"object","properties":{"collectionDate":{"description":"The date that the attachment was collected.","type":"string","format":"date","example":"2021-01-01"},"documentType":{"description":"The type of attachment.","type":"string","example":"FILE","enum":["FILE","NOTE","LINK"]},"note":{"description":"The note to attach.","type":"string","example":"Note"},"name":{"description":"The name of the attachment.","type":"string","example":"Attachment Name"}},"required":["collectionDate","documentType","name","note"]},"TechRiskCompliance-ITRiskManagement_EvidenceEntityInformation":{"type":"object","properties":{"id":{"description":"The identifier (GUID) of the related entity.","type":"string","format":"uuid","example":"1ab2fff0-cb80-b560-99a1-4a3b527f61f5"},"name":{"description":"The name of the entity.","type":"string","example":"Asset 305"},"type":{"description":"The type of the related entity.","type":"string","example":"Risks","enum":["ControlImplementations","Risks","Assets","ProcessingActivities","Vendors","Entities","Initiatives"]},"evidenceEntityType":{"description":"The type of the related entity.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlEntityTypeInformation"},"orgGroupId":{"description":"The identifier (GUID) of the organization which contains the entity.","type":"string","format":"uuid","example":"1ab2fff0-cb80-b560-99a1-4a3b527f61f5"},"controlEntityType":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlEntityTypeInformation"}},"required":["evidenceEntityType","id","name"]},"TechRiskCompliance-ITRiskManagement_EvidenceImplementationDto":{"type":"object","properties":{"id":{"description":"GUID of Evidence Implementation.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"number":{"description":"Numeric identifier for Evidence Implementation.","type":"integer","format":"int64","example":123},"orgGroup":{"description":"The identifier (GUID) of the organization evidence implementation.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicDetail"},"primaryEntity":{"description":"Entity Details of the primary implementor.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_EvidenceEntityInformation"},"primaryEntityName":{"description":"Entity Details of the primary implementor.","type":"string","example":"Asset124"},"evidenceTaskId":{"description":"Master evidence task id.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174123"},"name":{"description":"Name of the evidence task.","type":"string","example":"Security Updates"},"description":{"description":"Description of the evidence task.","type":"string","example":"i) Provide evidence to confirm that periodic security updates are published and communicated to employees and contractors."},"guidance":{"description":"Guidance of the evidence task.","type":"string","example":"For internal users, the security updates communication can be demonstrated by making these policies available to them through the corporate intranet."},"collectionInterval":{"description":"Entity Details of the primary implementor.","type":"string","example":"MONTHLY","enum":["ONE_TIME","WEEKLY","BIWEEKLY","MONTHLY","QUARTERLY","BIANNUALY","YEARLY"]},"collectionStartDate":{"description":"Start of the collection.","type":"string","format":"date","example":"2020-11-05"},"lastCollected":{"description":"Last evidence collected date.","type":"string","format":"date","example":"2020-11-10"},"currentIntervalStatus":{"description":"Current interval status.","type":"string","example":"InProgress","enum":["NotCollected","Collected","OverDue","InProgress"]},"currentIntervalEndDate":{"description":"Current interval end date.","type":"string","format":"date","example":"2020-11-30"},"assignee":{"description":"List of evidence Assignee.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"}},"relatedControls":{"description":"Number of related controls.","type":"integer","format":"int32","example":2},"related":{"description":"Number of related entities.","type":"integer","format":"int32","example":2},"canSplit":{"description":"Flag to indicate if evidence can be split.","type":"boolean","example":true},"evidenceTaskType":{"description":"Evidence task type.","type":"string","example":"SYSTEM","enum":["SYSTEM","CUSTOM"]},"createdBy":{"description":"The user or operation the control was created by.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"createdDate":{"description":"The date the control implementation was created.","type":"string","format":"date-time","example":"2020-11-05T22:01:21.200+00:00"},"lastModifiedBy":{"description":"The user or process the control was last modified by (GUID).","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174001"},"lastModifiedDate":{"description":"The date the control was last modified.","type":"string","format":"date-time","example":"2020-11-05T22:01:21.200+00:0"},"collectedEvidenceCount":{"description":"The count for collected evidences.","type":"integer","format":"int32","example":1},"automaticCollection":{"description":"Status of the automatic collection configuration.","type":"string","example":"AVAILABLE","enum":["CONFIGURED","AVAILABLE","NOT_AVAILABLE"]},"deleteType":{"description":"Evidence task implementation delete type.","type":"string","example":"SOFT"},"duplicate":{"description":"If similar implementation is present from same master evidence for given control implementation.","type":"boolean","example":false},"dueDateOffset":{"description":"Offset for the due date in days.","type":"integer","format":"int32","example":5},"suggestedSystemAvailable":{"type":"boolean"}},"required":["number"]},"TechRiskCompliance-ITRiskManagement_PageEvidenceImplementationDto":{"type":"object","properties":{"content":{"description":"The list of items for the current page.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_EvidenceImplementationDto"},"type":"array"},"empty":{"description":"The flag to check if the entity is empty or not.","type":"boolean","example":false},"first":{"description":"The flag to check if the entity is first entity or not.","type":"boolean","example":true},"last":{"description":"The flag to check if the entity is last entity or not.","type":"boolean","example":false},"number":{"description":"The number associated with the result.","type":"integer","format":"int32","example":0},"numberOfElements":{"description":"Total number of elements in the result.","type":"integer","format":"int32","example":20},"pageable":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Pageable"},"sort":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Sort"},"totalPages":{"description":"Total number of pages in the result list.","type":"integer","format":"int32","example":5},"totalElements":{"description":"Total number of elements in the result.","type":"integer","format":"int64","example":50},"size":{"description":"Size of the result list.","type":"integer","format":"int32","example":20}}},"TechRiskCompliance-ITRiskManagement_ControlImplementationEntityDto":{"type":"object","properties":{"id":{"description":"GUID of Control Implementation Entity Link.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"implementationId":{"description":"GUID of Control Implementation.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"number":{"description":"Numeric identifier for Control Implementation.","type":"integer","format":"int64","example":1},"organizationId":{"description":"Organization GUID.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"control":{"description":"Implemented Control Details.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlExtInformation"},"status":{"description":"Implemented Control Status.","type":"string","example":"Implemented","enum":["Pending","Implemented","NotDoing","Suggested","Retired","Archived"],"deprecated":true},"statusInfo":{"description":"Status Details","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"},"effectiveness":{"description":"Implemented Control Effectiveness value.","type":"string","example":"Effective","enum":["Effective","Ineffective","Planned"],"deprecated":true},"effectivenessInfo":{"description":"Control Effectiveness Details.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"},"note":{"description":"Implemented Control Notes.","type":"string","example":"Testing Control"},"deadline":{"description":"Deadline","type":"string","format":"date","example":"2019-01-01"},"maturity":{"description":"Maturity Details.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"},"owner":{"description":"Implemented Control Owner.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"},"owners":{"description":"List of Implemented Control Owner.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"}},"approvers":{"description":"List of Implemented Control Approver.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_BasicEntityReference"}},"createdBy":{"description":"Created By.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"createDt":{"description":"Created Date.","type":"string","format":"date","example":"2019-01-01"},"lastModifiedBy":{"description":"Last Modified By.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"lastModifiedDate":{"description":"Last Modified on Date.","type":"string","format":"date","example":"2019-01-01"},"suggestion":{"description":"Suggestion","type":"string","example":"Suggested","enum":["Suggested","Accepted","Rejected"],"deprecated":true},"attributes":{"description":"Implemented Custom Attributes.","type":"object","additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlAttributeValueInformation"}}},"entity":{"description":"Entity which control implementation is linked to.","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlEntityInformation"},"inventoryRelationshipType":{"description":"Inventory hierarchy relationship.","type":"string"},"deleteType":{"description":"Soft delete status.","type":"string","enum":["SOFT"]},"controlImplementationName":{"description":"Control Implementation Name of the implemented control.","type":"string","example":"Control Implementation name"},"controlImplementationDescription":{"description":"Control Implementation Description of the implemented control.","type":"string","example":"Control Implementation Description"},"controlImplementationGuidance":{"description":"Control Implementation Guidance of the implemented control.","type":"string","example":"Control Implementation Guidance"},"controlImplementationCategoryId":{"description":"Control Implementation Category of the implemented control.","type":"string","format":"uuid","example":"Control Implementation Category Id"},"controlImplementationCategoryName":{"description":"Control Implementation Category Name of the implemented control.","type":"string","example":"Control Category Name"},"controlImplementationCategoryNameKey":{"description":"Control Implementation Name of the implemented control.","type":"string","example":"Control Category Name Key"},"controlImplementationOrigin":{"description":"Control Implementation Origin of the implemented control.","type":"string","example":"Control Implementation Origin"},"externalImplementationURL":{"description":"External ImplementationURL of the implemented control.","type":"string","example":"Control Implementation Link"},"externalControlImplementation":{"description":"is this an external control implementation.","type":"boolean","example":true},"relatedEntities":{"description":"EntityLinks associated with control implementation.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ImplementationEntityLinkDto"}},"inventoriesCount":{"description":"Related inventories count.","type":"integer","format":"int64","example":3},"risksCount":{"description":"Related risks count.","type":"integer","format":"int64","example":1}},"required":["control","id","implementationId","number","organizationId","status"]},"TechRiskCompliance-ITRiskManagement_ImplementationEntityLinkDto":{"type":"object","properties":{"id":{"description":"GUID of control implementation entity link.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"sourceId":{"description":"GUID of control implementation.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"sourceName":{"description":"Control implementation name.","type":"string","example":"Control name"},"sourceType":{"description":"Control implementation.","type":"string","example":"Control"},"targetId":{"description":"GUID of target entity.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5pe3"},"targetName":{"description":"Target entity name.","type":"string","example":"Asset124"},"targetType":{"description":"Target entity type.","type":"string","example":"Assets"},"organizationId":{"description":"GUID of organization.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"label":{"description":"Relationship label.","type":"string","example":"LEVERAGED_BY","enum":["IMPLEMENTED_ON","MITIGATES","LEVERAGED_BY","INCLUDED_IN","RELATED_TO"]},"primary":{"type":"boolean"}}},"TechRiskCompliance-ITRiskManagement_PageControlImplementationEntityDto":{"type":"object","properties":{"content":{"description":"The list of items for the current page.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlImplementationEntityDto"},"type":"array"},"empty":{"description":"The flag to check if the entity is empty or not.","type":"boolean","example":false},"first":{"description":"The flag to check if the entity is first entity or not.","type":"boolean","example":true},"last":{"description":"The flag to check if the entity is last entity or not.","type":"boolean","example":false},"number":{"description":"The number associated with the result.","type":"integer","format":"int32","example":0},"numberOfElements":{"description":"Total number of elements in the result.","type":"integer","format":"int32","example":20},"pageable":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Pageable"},"sort":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Sort"},"totalPages":{"description":"Total number of pages in the result list.","type":"integer","format":"int32","example":5},"totalElements":{"description":"Total number of elements in the result.","type":"integer","format":"int64","example":50},"size":{"description":"Size of the result list.","type":"integer","format":"int32","example":20}}},"TechRiskCompliance-ITRiskManagement_ControlCreateRequestDto":{"type":"object","properties":{"identifier":{"description":"The identifier of the control.","type":"string","example":"A.1.1","maxLength":50,"minLength":1},"name":{"description":"The name of the control.","type":"string","example":"Control ABC","maxLength":300,"minLength":1},"orgGroupId":{"description":"The identifier of the organization the master control is linked to. In general, this is top organization in the org hierarchy.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"description":{"description":"Description of the control.","type":"string","example":"Testing Control","maxLength":3000,"minLength":0},"recommendation":{"description":"The recommendation status of this control based on Athena logic.","type":"string","example":"Recommended","maxLength":500,"minLength":0},"frameworkId":{"description":"Identifier of the framework the control is tied to.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"frameworkName":{"description":"Name of the framework the control is tied to.","type":"string","example":"NIST","maxLength":500,"minLength":0},"frameworkNameKey":{"description":"Identifier used for translation of Framework Name.","type":"string","example":"framework.NIST","maxLength":500,"minLength":0},"status":{"description":"The new status of the control. This can be Active, Archived, or Pending.","type":"string","example":"Active","enum":["Active","Archived","Pending"]},"categoryId":{"description":"The identifier of the category tied to the control. Optional if no category is needed or if category name is provided.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"categoryName":{"description":"The name of the category tied to the control. Optional if category Id is provided.","type":"string","example":"Access Control","maxLength":500,"minLength":0},"categoryNameKey":{"description":"Identifier used for translation of category name. Optional if category Id is provided.","type":"string","example":"category.AccessControl","maxLength":500,"minLength":0},"attributes":{"description":"Custom Attributes","type":"object","additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeValueInformation"}}},"implementationGuidance":{"description":"Implementation guidance of control.","type":"string","example":"Testing Control"},"seedControlId":{"description":"The identifier of an existing control to use as a template for creating this new control.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"importBatchId":{"description":"The identifier of the import batch this control belongs to when importing multiple controls.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174001"},"origin":{"description":"The origin or creation method of this control (Manual, Import, API, etc.).","type":"string","example":"Manual","enum":["BulkImport","Manual","FrameworkImport","FrameworkContentUpdate"]},"otControlIdentifier":{"description":"The OneTrust system identifier for this control when importing from the OneTrust catalog.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174002"}},"required":["identifier","name","orgGroupId","origin"]},"TechRiskCompliance-ITRiskManagement_ControlDto":{"type":"object","properties":{"id":{"description":"The identifier of the control.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"identifier":{"description":"The identifier of the control.","type":"string","example":"A.5.1.1"},"name":{"description":"The name of the control.","type":"string","example":"Control Name"},"description":{"description":"Description of the control.","type":"string","example":"Test Controls for Privacy"},"orgGroupId":{"description":"The identifier of the organization the master control is linked to. In general, this is the top organization in the organization hierarchy.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"frameworkId":{"description":"Identifier (GUID) of the framework on the control.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"categoryId":{"description":"Identifier (GUID) of the category on the control.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"categoryName":{"description":"Name of the category on the control.","type":"string","example":"Privacy"},"categoryNameKey":{"description":"Identifier used for translation of Category Name.","type":"string","example":"ControlName"},"recommendation":{"description":"Specific recommendations for implementing this control.","type":"string","example":"Implement multi-factor authentication for all administrative access to systems containing sensitive data"},"orgGroupName":{"description":"Name of the organization group that this control belongs to.","type":"string","example":"Information Security"},"seedControlId":{"description":"Reference to the control that was used as a template or source for creating this control.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000","deprecated":true},"otControlIdentifier":{"description":"OneTrust catalog identifier for this control when imported from the OneTrust control catalog.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174001"},"frameworkName":{"description":"Name of the framework associated with this control.","type":"string","example":"NIST Cybersecurity Framework"},"frameworkNameKey":{"description":"Localization key for the framework name.","type":"string","example":"nist_csf_framework"},"status":{"description":"Current status of the control (e.g., Active, Archived, Pending).","type":"string","example":"Active","enum":["Active","Archived","Pending"]},"viewOnly":{"description":"Flag indicating if this control is read-only and cannot be modified.","type":"boolean","example":false},"attributes":{"description":"Custom attributes for the control. These attributes are custom to the tenant.","type":"object","additionalProperties":{"type":"array","description":"Custom attributes for the control. These attributes are custom to the tenant.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlAttributeValueInformation"}}},"implementationGuidance":{"description":"Implementation guidance of the control requirement.","type":"string","example":"Implementation guidance of the control requirement."}},"required":["id","identifier","name","orgGroupId","orgGroupName"]},"TechRiskCompliance-ITRiskManagement_PageControlDto":{"type":"object","properties":{"content":{"description":"The list of items for the current page.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlDto"},"type":"array"},"empty":{"description":"The flag to check if the entity is empty or not.","type":"boolean","example":false},"first":{"description":"The flag to check if the entity is first entity or not.","type":"boolean","example":true},"last":{"description":"The flag to check if the entity is last entity or not.","type":"boolean","example":false},"number":{"description":"The number associated with the result.","type":"integer","format":"int32","example":0},"numberOfElements":{"description":"Total number of elements in the result.","type":"integer","format":"int32","example":20},"pageable":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Pageable"},"sort":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Sort"},"totalPages":{"description":"Total number of pages in the result list.","type":"integer","format":"int32","example":5},"totalElements":{"description":"Total number of elements in the result.","type":"integer","format":"int64","example":50},"size":{"description":"Size of the result list.","type":"integer","format":"int32","example":20}}},"TechRiskCompliance-ITRiskManagement_ImplementationAttachmentCreateRequest":{"type":"object","properties":{"controlAttachmentRequests":{"description":"List of attachment requests to be associated with the control implementation.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ImplementationAttachmentRequest"}}},"required":["controlAttachmentRequests"]},"TechRiskCompliance-ITRiskManagement_ImplementationAttachmentRequest":{"type":"object","properties":{"attachmentId":{"description":"Attachment Id.","type":"string","format":"uuid","example":"2c2e9e4d-4d4d-4d4d-4d4d-2c2e9e4d4d4d"},"fileName":{"description":"Attachment Description.","type":"string","example":"Attachment file name","minLength":1},"fileDescription":{"description":"Attachment Name.","type":"string","example":"Attachment description","minLength":1},"sourceId":{"description":"The Id of the source from which attachment is inherited.","type":"string","format":"uuid","example":"2c2e9e4d-4d4d-4d4d-4d4d-2c2e9e4d4d4d"},"sourceType":{"description":"The type of the source from which attachment is inherited.","type":"string","example":"Implementation"},"sourceName":{"description":"The name of the source from which attachment is inherited.","type":"string","example":"Control Implementation"}},"required":["attachmentId","fileDescription","fileName"]},"TechRiskCompliance-ITRiskManagement_PageControlImplementationDto":{"type":"object","properties":{"content":{"description":"The list of items for the current page.","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlImplementationDto"},"type":"array"},"empty":{"description":"The flag to check if the entity is empty or not.","type":"boolean","example":false},"first":{"description":"The flag to check if the entity is first entity or not.","type":"boolean","example":true},"last":{"description":"The flag to check if the entity is last entity or not.","type":"boolean","example":false},"number":{"description":"The number associated with the result.","type":"integer","format":"int32","example":0},"numberOfElements":{"description":"Total number of elements in the result.","type":"integer","format":"int32","example":20},"pageable":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Pageable"},"sort":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_Sort"},"totalPages":{"description":"Total number of pages in the result list.","type":"integer","format":"int32","example":5},"totalElements":{"description":"Total number of elements in the result.","type":"integer","format":"int64","example":50},"size":{"description":"Size of the result list.","type":"integer","format":"int32","example":20}}},"TechRiskCompliance-ITRiskManagement_AssociatedAttributeInformation":{"type":"object","properties":{"id":{"description":"Associated Attribute GUID","type":"string","format":"uuid"},"name":{"description":"Name","type":"string","example":"Count of members","minLength":1},"nameKey":{"description":"Name key","type":"string","example":"IM.CountOfMembersName"},"description":{"description":"Description","type":"string","example":"Provide details about count associated with this attribute"},"descriptionKey":{"description":"Description Key","type":"string","example":"IM.CountOfMembersDesc"},"schemaId":{"description":"Attribute Schema GUID","type":"string","format":"uuid"},"schemaName":{"description":"Attribute Schema Name","type":"string","example":"risk"},"fieldName":{"description":"Attribute field name","type":"string","example":"countOfMembers","minLength":1},"mappedFieldName":{"description":"Mapped Attribute field name. Should be used for sorting","type":"string","example":"count"},"enabled":{"description":"Indicator for attribute enabled/disabled","type":"boolean"},"responseType":{"description":"Response Type","type":"string","enum":["Text","SingleSelect","MultiSelect","Date","DateTime","NumericalText","NumericalSingleSelect","RadioButton","TextArea","Formula","Level","Range","Score","System"]},"responseSubType":{"description":"Response sub type","type":"string","enum":["Standard","Formula","Matrix","RollUp"]},"formula":{"description":"Formula for attribute","type":"string","example":"sum(1, 3)"},"options":{"description":"Attribute options","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeOptionInformation"}}},"required":["enabled","fieldName","id","responseType"]},"TechRiskCompliance-ITRiskManagement_AttributeInformation":{"type":"object","properties":{"id":{"description":"Attribute GUID","type":"string","format":"uuid","example":"550e8400-e29b-41d4-a716-446655440000"},"name":{"description":"Attribute name","type":"string","example":"Type of the Record","maxLength":255,"minLength":1},"nameKey":{"description":"Attribute name key which can be used for translation","type":"string","example":"IM.Name","maxLength":255},"description":{"description":"Attribute description","type":"string","example":"Gather Type for the record - provide some value related to nature of record","maxLength":1000},"descriptionKey":{"description":"Attribute description key which can be used for translation","type":"string","example":"IM.Name.Description","maxLength":255},"fieldName":{"description":"Attribute field name which can be used for uniquely identifying an attribute","type":"string","example":"nameOfRecord","maxLength":100,"minLength":1},"mappedFieldName":{"description":"Mapped Attribute field name. Should be used for sorting","type":"string","example":"name","maxLength":100},"enabled":{"description":"Indicator for attribute enabled/disabled","type":"boolean","example":true,"default":"true"},"required":{"description":"Indicator for mandatory attribute","type":"boolean","example":false,"default":"false"},"readOnly":{"description":"Indicator for read only attribute","type":"boolean","example":false,"default":"false"},"encrypted":{"description":"Indicate whether to encrypt the field value or not. Only supported for text, single select and multi select","type":"boolean","example":false,"default":"false"},"allowOther":{"description":"Indicator for allowing user defined options for attribute","type":"boolean","example":false,"default":"false"},"baseAttribute":{"description":"Indicate if attribute is part of extendable entity and which cannot be modified","type":"boolean","example":false,"default":"false"},"responseType":{"description":"Response type for attribute","type":"string","example":"Text","enum":["Text","SingleSelect","MultiSelect","Date","Formula","Score","Level","Range"]},"formula":{"description":"Formula for attribute","type":"string","example":"Default:Field4 + Default:Field3 + 100 + avg(CrossSchema:Field4 + Default:Field3)","maxLength":4000},"optionType":{"description":"Attribute Options value source type","type":"string","example":"None","enum":["None","Static","Dynamic"]},"optionAllowed":{"description":"Indicate if attribute can have static options or not","type":"boolean","example":false,"default":"false"},"schemaId":{"description":"Attribute Schema GUID","type":"string","format":"uuid","example":"550e8400-e29b-41d4-a716-446655440000"},"schemaName":{"description":"Attribute Schema Name","type":"string","example":"vendors","maxLength":100},"options":{"description":"Option's for given attribute based on response type","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeOptionInformation"}},"referenceCategories":{"description":"Categories for given attribute","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_CategoryInformation"}},"responseMaxLength":{"description":"Response max length","type":"integer","format":"int32","example":4000,"default":"4000","maximum":4000,"minimum":1},"responseSubType":{"description":"Response sub type","type":"string","example":"STANDARD","enum":["STANDARD","FORMULA","MATRIX"]},"associatedAttributeInformation":{"description":"Associated attribute information","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AssociatedAttributeInformation"}},"multiSelectMaxOptionValues":{"description":"MultiSelect max option values","type":"integer","format":"int32","example":10,"maximum":100,"minimum":1},"hidden":{"description":"Hidden","type":"boolean","example":false,"default":"false"},"optionUrl":{"description":"OptionUrl","type":"string","example":"/api/risk-v2/risk-categories","maxLength":255},"intakeQuestion":{"description":"Attribute Intake Question Details","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_IntakeQuestion"},"deleteMarker":{"description":"Indicate the status of an attribute's deletion process","type":"string","example":"MARKED_FOR_DELETE","enum":["MARKED_FOR_DELETE","DELETING","DELETED"]},"optionMetadata":{"description":"Option Metadata","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeOptionMetadataInformation"},"validationRuleId":{"description":"Validation Rule configured for Attribute (e.g., email, URL)","type":"string","example":"email"},"associatedAttributeFieldName":{"type":"string"}},"required":["enabled","fieldName","name"]},"TechRiskCompliance-ITRiskManagement_AttributeOptionInformation":{"type":"object","properties":{"id":{"description":"Option GUID","type":"string","format":"uuid","example":"550e8400-e29b-41d4-a716-446655440000"},"option":{"description":"Option name","type":"string","example":"TypeA","maxLength":255,"minLength":1},"optionKey":{"description":"Option Key which can be used for translation","type":"string","example":"IM.TypeA","maxLength":255},"colorCode":{"description":"Color code for the option","type":"string","example":"#FF5733","maxLength":7},"sequence":{"description":"Option sequence for ordering","type":"integer","format":"int32","example":1,"maximum":32767,"minimum":1},"enabled":{"description":"Indicates if the option is enabled or disabled","type":"boolean","example":true,"default":"true"},"metadata":{"description":"Additional metadata for the attribute option","$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributeOptionMetadata"}},"required":["option"]},"TechRiskCompliance-ITRiskManagement_AttributeOptionMetadata":{"type":"object","properties":{"hint":{"description":"Hint","type":"string"},"hintKey":{"description":"Hint key which can be used for translation","type":"string"}}},"TechRiskCompliance-ITRiskManagement_AttributeOptionMetadataInformation":{"type":"object","properties":{"entityTypeName":{"description":"Option Source Entity Type","type":"string","example":"Location"},"basicServiceContextPath":{"description":"Basic Url for the Option source Service","type":"string","example":"/api/location"},"optionUrl":{"description":"Api URL for the Drop Down Api","type":"string","example":"/api/location/ui/v1/entity-types/names/Location/entities/basic-details"},"viewType":{"description":"This will help to identify the view type of list","type":"string"}}},"TechRiskCompliance-ITRiskManagement_IntakeQuestion":{"type":"object","properties":{"nameKey":{"type":"string","maxLength":100,"minLength":0},"name":{"type":"string","maxLength":500,"minLength":0},"descriptionKey":{"type":"string","maxLength":100,"minLength":0},"description":{"type":"string","maxLength":500,"minLength":0}}},"TechRiskCompliance-ITRiskManagement_AttributePredicate":{"type":"object","properties":{"field":{"description":"The field name used to filter results.","type":"string"},"operator":{"description":"The relationship that must be met between the field and value.","type":"string","enum":["EQUAL_TO","NOT_EQUAL_TO","GREATER_THAN","GREATER_THAN_EQUAL_TO","LESS_THAN","LESS_THAN_EQUAL_TO","BETWEEN"]},"value":{"description":"The field value used to filter results. If filtering for a range of values, this would be the start of the range and should be used in conjunction with the `toValue` parameter. \nExamples by type: UUID = 'e68d49c4-f11f-4cd9-8f1b-0be8ef945b8f', LocalDate = '2023-01-01', OffsetDateTime = '2023-01-01T00:00:00Z', String = 'Closed', Number = 7","type":"object","oneOf":[{"type":"string","format":"uuid"},{"type":"string","format":"date"},{"type":"string","format":"date-time"},{"type":"string"},{"type":"number"}]},"toValue":{"description":"The field value for the end of the range. This field should be used in conjunction with the `value` parameter. \nExamples by type: LocalDate = '2023-01-01', OffsetDateTime = '2023-01-01T00:00:00Z', String = 'Closed', Number = 7","type":"object","oneOf":[{"type":"string","format":"date"},{"type":"string","format":"date-time"},{"type":"string"},{"type":"number"}]}},"required":["field"]},"TechRiskCompliance-ITRiskManagement_AttributeQueryCriteria":{"type":"object","properties":{"filters":{"description":"The fields and values used to filter results.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_AttributePredicate"},"uniqueItems":true},"fullText":{"description":"The key terms for the search criteria.","type":"string","maxLength":500,"minLength":0}}},"TechRiskCompliance-ITRiskManagement_ControlDetail":{"type":"object","properties":{"id":{"description":"Control GUID.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"identifier":{"description":"Control Identifier.","type":"string","example":"A.1.1"},"name":{"description":"Control Name.","type":"string","example":"Control ABC"}},"required":["id","identifier","name"]},"TechRiskCompliance-ITRiskManagement_ControlRemovalResponse":{"type":"object","properties":{"deletedControl":{"description":"List of controls that were deleted.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlDetail"}},"nonDeletedControl":{"description":"List of controls that could not be deleted.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-ITRiskManagement_ControlDetail"}}}},"TechRiskCompliance-RiskTemplate_AttributeValueInformation":{"type":"object","properties":{"id":{"description":"Unique identifier for the attribute option","type":"string","format":"uuid","example":"a34ccec7-1ec0-4d65-9075-bdd0d923f1d1"},"value":{"description":"Attribute value","type":"string","example":"Text Value"},"valueKey":{"description":"Translation key used for localizing the value","type":"string","example":"attribute.option.valueKey"},"colorCode":{"description":"Color code associated with the option. Used for score-based attributes.","type":"string","example":"red"},"optionSelectionValue":{"description":"Selection score value linked to the option. Used for score-based or numerical-based attributes.","type":"string","example":"3.5"},"displayLabel":{"description":"Display name for the option, used for external attributes managed by other systems","type":"string","example":"United State | San Francisco"},"disabled":{"description":"Indicates whether this attribute option is currently disabled.","type":"boolean","example":false,"default":"false"}},"required":["value"]},"TechRiskCompliance-RiskTemplate_BasicEntityDetail":{"type":"object","properties":{"id":{"description":"The unique identifier of the organization entity.","type":"string","format":"uuid","example":"7009201b-3808-4eaa-8afa-97f50c6c3cf1"},"name":{"description":"The display name of the organization entity.","type":"string","example":"Entity name"}}},"TechRiskCompliance-RiskTemplate_ControlInformation":{"type":"object","properties":{"id":{"description":"The unique identifier of the control entity.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"name":{"description":"The display name of the control.","type":"string","example":"Control Name"},"identifier":{"description":"The reference identifier of the control.","type":"string","example":"123"}}},"TechRiskCompliance-RiskTemplate_RiskCategoryInformation":{"type":"object","properties":{"id":{"description":"The unique identifier of the risk category.","type":"string","format":"uuid","example":"d7e5c1a2-42a0-4cd7-83b1-d0a2ff064cb7"},"name":{"description":"The display name of the risk category.","type":"string","example":"Category Name"},"nameKey":{"description":"The translation key used for localizing the category name.","type":"string","example":"RiskCategory.Availability"}}},"TechRiskCompliance-RiskTemplate_RiskLevelDetails":{"type":"object","properties":{"levelId":{"description":"The numeric identifier for target standard risk scoring.","type":"integer","format":"int64","example":1},"level":{"description":"The target risk level name for standard scoring methodology.","type":"string","example":"Low"},"impactLevelId":{"description":"The numeric identifier for target impact in matrix scoring.","type":"integer","format":"int64","example":1},"impactLevel":{"description":"The target impact level name for matrix methodology.","type":"string","example":"Low"},"probabilityLevelId":{"description":"The numeric identifier for target probability in matrix scoring.","type":"integer","format":"int64","example":1},"probabilityLevel":{"description":"The target probability level name for matrix methodology.","type":"string","example":"Low"},"riskScore":{"description":"The target numeric risk score value after mitigation.","type":"number","example":2}}},"TechRiskCompliance-RiskTemplate_RiskTemplateInformation":{"type":"object","properties":{"id":{"description":"The unique identifier of the risk template.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"name":{"description":"The display name of the risk template.","type":"string","example":"Operational Risk Template"},"riskName":{"description":"The name of the risk associated with this template.","type":"string","example":"Operational Risk"},"description":{"description":"The detailed description of the risk template.","type":"string","example":"A structured template to identify, assess, and manage risks"},"state":{"description":"The current status indicating if the template is active or archived.","type":"string","example":"ACTIVE","enum":["ACTIVE","ARCHIVED"]},"orgGroup":{"description":"The organization group that owns this risk template.","$ref":"#/components/schemas/TechRiskCompliance-RiskTemplate_BasicEntityDetail"},"treatmentPlan":{"description":"The treatment plan text describing risk mitigation strategies.","type":"string","example":"Operational Risk treatment plan"},"inherentRiskLevel":{"description":"The inherent risk level assessment before controls are applied.","$ref":"#/components/schemas/TechRiskCompliance-RiskTemplate_RiskLevelDetails"},"targetRiskLevel":{"description":"The target risk level assessment after implementing controls.","$ref":"#/components/schemas/TechRiskCompliance-RiskTemplate_RiskLevelDetails"},"threat":{"description":"The threat information associated with this risk template.","$ref":"#/components/schemas/TechRiskCompliance-RiskTemplate_ThreatInformation"},"vulnerabilities":{"description":"The list of vulnerabilities associated with this risk template.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-RiskTemplate_VulnerabilityInformation"}},"categories":{"description":"The list of risk categories assigned to this template.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-RiskTemplate_RiskCategoryInformation"}},"controls":{"description":"The list of controls associated with this risk template.","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-RiskTemplate_ControlInformation"}},"createdDate":{"description":"The timestamp when the risk template was created.","type":"string","format":"date-time","example":"2025-07-15T09:27:53.123Z"},"attributeValues":{"description":"The custom attributes and their values specific to this risk template.","type":"object","additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-RiskTemplate_AttributeValueInformation"}}}}},"TechRiskCompliance-RiskTemplate_ThreatInformation":{"type":"object","properties":{"id":{"description":"The unique identifier of the threat entity.","type":"string","format":"uuid","example":"f3e9e8b4-1c5e-4f3e-9c58-92d8d6d2ea7a"},"name":{"description":"The display name of the threat.","type":"string","example":"Threat Name"},"identifier":{"description":"The reference identifier of the threat.","type":"string","example":"456"}}},"TechRiskCompliance-RiskTemplate_VulnerabilityInformation":{"type":"object","properties":{"id":{"description":"The unique identifier of the vulnerability entity.","type":"string","format":"uuid","example":"6e4b2d9a-7fc7-4ef2-8129-3a4f84e7d314"},"name":{"description":"The display name of the vulnerability.","type":"string","example":"Threat Name"},"identifier":{"description":"The reference identifier of the vulnerability.","type":"string","example":"245"}}},"TechRiskCompliance-Risk_AssociatedAttributeValueInformation":{"type":"object","properties":{"id":{"description":"Unique identifier for the attribute option","type":"string","format":"uuid","example":"a34ccec7-1ec0-4d65-9075-bdd0d923f1d1"},"value":{"description":"Attribute value","type":"string","example":"Text Value"},"valueKey":{"description":"Translation key used for localizing the value","type":"string","example":"attribute.option.valueKey"},"colorCode":{"description":"Color code associated with the option. Used for score-based attributes.","type":"string","example":"red"}},"required":["value"]},"TechRiskCompliance-Risk_AttributeValueInformation":{"type":"object","properties":{"id":{"description":"Unique identifier for the attribute option","type":"string","format":"uuid","example":"a34ccec7-1ec0-4d65-9075-bdd0d923f1d1"},"value":{"description":"Attribute value","type":"string","example":"Text Value"},"valueKey":{"description":"Translation key used for localizing the value","type":"string","example":"attribute.option.valueKey"},"colorCode":{"description":"Color code associated with the option. Used for score-based attributes.","type":"string","example":"red"},"optionSelectionValue":{"description":"Selection score value linked to the option. Used for score-based or numerical-based attributes.","type":"string","example":"3.5"},"displayLabel":{"description":"Display name for the option, used for external attributes managed by other systems","type":"string","example":"United State | San Francisco"},"associatedAttributeValueInformation":{"description":"Associated attribute option information","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AssociatedAttributeValueInformation"}},"disabled":{"description":"Indicates whether this attribute option is currently disabled.","type":"boolean","example":false,"default":"false"}},"required":["value"]},"TechRiskCompliance-Risk_BasicEntityDetail":{"type":"object","properties":{"id":{"description":"Unique Identifier for the Entity","type":"string","format":"uuid","example":"e549ec16-b42a-4612-a402-3fcce7cc5f78"},"name":{"description":"Name for the Entity","type":"string","example":"Acme Corp, John Doe","maxLength":300}}},"TechRiskCompliance-Risk_BasicEntityDetailTranslation":{"type":"object","properties":{"id":{"description":"Unique Identifier for the Entity","type":"string","format":"uuid","example":"e549ec16-b42a-4612-a402-3fcce7cc5f78"},"name":{"description":"Name for the Entity","type":"string","example":"Acme Corp, John Doe","maxLength":300},"nameKey":{"description":"Name key for entity detail translation","type":"string","example":"entity.detail","maxLength":255},"badgeColor":{"description":"Badge Color of the Entity","type":"string","example":"New","maxLength":50}}},"TechRiskCompliance-Risk_BasicStageApproverDetails":{"type":"object","properties":{"id":{"description":"UUID of the user","type":"string","format":"uuid","example":"3f99b4ac-7c66-45b6-8ff4-63a67a3ec7be"},"firstName":{"description":"first Name of the user","type":"string","example":"John","maxLength":100},"lastName":{"description":"last name of the user","type":"string","example":"Doe","maxLength":100},"approvedTimeStamp":{"description":"time stamp when the stage was approved","type":"string","format":"date-time","example":"32025-07-12T14:52:30.123Z"},"status":{"description":"status of the review","type":"string","example":"Accepted"}}},"TechRiskCompliance-Risk_BasicStageDetailTranslation":{"type":"object","properties":{"id":{"description":"Unique Identifier for the Entity","type":"string","format":"uuid","example":"e549ec16-b42a-4612-a402-3fcce7cc5f78"},"name":{"description":"Name for the Entity","type":"string","example":"Acme Corp, John Doe","maxLength":300},"currentStageApprovers":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicStageApproverDetails"},"uniqueItems":true},"nameKey":{"description":"Name key for entity detail translation","type":"string","example":"entity.detail","maxLength":300},"badgeColor":{"description":"Badge Color of the Stage","type":"string","example":"New","maxLength":50}}},"TechRiskCompliance-Risk_EntityTypeInformation":{"type":"object","properties":{"id":{"description":"Entity Type ID. This can be Assets, Entities, PIA, Engagement, Custom Object GUID in form of String.","type":"string","example":"3f99b4ac-7c66-45b6-8ff4-63a67a3ec7be"},"label":{"description":"Entity Type Name","type":"string","example":"Inventory","maxLength":512},"translationKey":{"description":"Translation Key of Entity Type ID","type":"string","example":"OBJ.Objective","maxLength":255},"seeded":{"description":"For Base Entity Type Seeded is true and false for Custom Object/Entity Types by default.","type":"boolean","example":false},"sourceType":{"description":"Indicates whether this type can be source type or not in Risk","type":"boolean","example":false},"riskType":{"description":"Indicates whether this type can be risk type or not in Risk","type":"boolean","example":true},"eligibleForEntityLink":{"description":"Indicates whether entity type is eligible for linking/relating with risk or not","type":"boolean","example":false},"enabled":{"description":"Indicates whether the entity type is enabled or not.","type":"boolean","example":false},"moduleName":{"description":"Name of the module","type":"string","example":"Objective","maxLength":255}},"required":["id"]},"TechRiskCompliance-Risk_InventoryInformation":{"type":"object","properties":{"inventoryId":{"description":"Unique Identifier of the Inventory","type":"string","format":"uuid","example":"57a87cd3-0a1f-4439-bd5b-917e1d23eb5c"},"inventoryName":{"description":"Name of the Inventory","type":"string","example":"Raw Materials Inventory","maxLength":2000},"inventoryType":{"description":"Type of the Inventory","type":"string","example":"VENDORS","enum":["ASSETS","PROCESSING_ACTIVITIES","VENDORS","ENTITIES"],"deprecated":true},"sourceType":{"description":"Type of Inventory","$ref":"#/components/schemas/TechRiskCompliance-Risk_EntityTypeInformation"},"softInherited":{"description":"Soft Inherited flag","type":"boolean","example":true},"organizationId":{"description":"Unique Identifier of the organization","type":"string","format":"uuid","example":"f8583fd1-21cb-4c7c-a337-2982246418e5"}}},"TechRiskCompliance-Risk_RiskCategoryInformation":{"type":"object","properties":{"id":{"description":"Risk Category unique identifier","type":"string","format":"uuid","example":"46c58be9-4ab9-42ca-8f49-29fec6a5fb6e"},"name":{"description":"Risk Category name","type":"string","example":"Financial","maxLength":100},"nameKey":{"description":"Risk Category nameKey for localization support","type":"string","example":"RiskCategory.Financial","maxLength":100},"seeded":{"description":"Seeded category","type":"boolean","example":false}}},"TechRiskCompliance-Risk_RiskInformation":{"type":"object","properties":{"id":{"description":"Unique identifier for the risk","type":"string","format":"uuid","example":"a34ccec7-1ec0-4d65-9075-bdd0d923f1d1"},"level":{"description":"Level for the risk","type":"string","example":"Low"},"probabilityLevel":{"description":"Probability Level for the risk","type":"string","example":"Low"},"impactLevel":{"description":"Impact Level for the risk","type":"string","example":"Low"},"actionId":{"description":"ActionId for the Risk","type":"integer","format":"int64","example":1},"createdBy":{"description":"UUId of the user who created the the risk","type":"string","format":"uuid","example":"a34ccec7-1ec0-4d65-9075-bdd0d923f1d1"},"state":{"description":"State of the risk","type":"string","example":"REDUCED","enum":["IDENTIFIED","RECOMMENDATION_ADDED","RECOMMENDATION_SENT","REMEDIATION_PROPOSED","EXCEPTION_REQUESTED","REDUCED","RETAINED","ARCHIVED_IN_VERSION"],"maxLength":20},"previousState":{"description":"Previous State of the risk","type":"string","example":"REDUCED","enum":["IDENTIFIED","RECOMMENDATION_ADDED","RECOMMENDATION_SENT","REMEDIATION_PROPOSED","EXCEPTION_REQUESTED","REDUCED","RETAINED","ARCHIVED_IN_VERSION"]},"type":{"description":"Type of risk","type":"string","example":"ASSETS","enum":["ASSESSMENTS","ASSETS","PROCESSING_ACTIVITIES","VENDORS","ENTITIES","INCIDENTS","ESG","GENERAL"],"deprecated":true},"riskType":{"description":"Type information of the risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_EntityTypeInformation"},"typeRefIds":{"description":"Type ref Ids for the risk","type":"array","items":{"type":"string","format":"uuid"},"example":["a34ccec7-1ec0-4d65-9075-bdd0d923f1d1","d1622fad-2186-4ed6-8133-33e3fde47759"]},"sourceType":{"description":"Source Type for the risk","type":"string","example":"PIA","enum":["PIA","GRA","INVENTORY","INCIDENT","ENGAGEMENT","GENERIC"],"deprecated":true},"riskSourceType":{"description":"Source type information of the risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_EntityTypeInformation"},"source":{"description":"Source information of the risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskSourceInformation"},"description":{"description":"Description for the risk","type":"string","example":"Ability to obtain sufficient liquidity for funding capacity","maxLength":4000},"recommendation":{"description":"Recommendation for the risk","type":"string","example":"Establish a Liquidity Buffer","maxLength":4000},"remediationProposal":{"description":"Remediation Proposal for the risk","type":"string","example":"Develop a Liquidity Management Policy"},"riskOwnerId":{"description":"Unique identifier of the risk owner","type":"string","format":"uuid","example":"54a5730b-205b-4256-a9cf-59a7808ccb79","deprecated":true},"riskOwner":{"description":"Name of the risk owner","type":"string","example":"John Doe","deprecated":true},"riskOwnersId":{"description":"List of unique identifiers of the risk owners","type":"array","items":{"type":"string","format":"uuid"},"example":["a34ccec7-1ec0-4d65-9075-bdd0d923f1d1","d1622fad-2186-4ed6-8133-33e3fde47759"],"deprecated":true},"riskOwnersName":{"description":"Name of the risk owner","type":"string","example":"John Doe","deprecated":true},"orgGroup":{"description":"Org group details for the Risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"},"riskApproversId":{"description":"List of unique identifiers of the risk Approvers","type":"array","items":{"type":"string","format":"uuid"},"example":["a34ccec7-1ec0-4d65-9075-bdd0d923f1d1","1622fad-2186-4ed6-8133-33e3fde47759"],"deprecated":true},"requestedException":{"description":"Requested Exception of the risk","type":"string","example":"Established, undrawn committed credit facilities"},"mitigation":{"description":"Mitigation of the risk","type":"string","example":"Funding diversification efforts are ongoing "},"justification":{"description":"Justification of the risk","type":"string","example":"Efforts to improve working capital management"},"deadline":{"description":"deadline for the risk","type":"string","format":"date-time","example":"2025-07-10T14:30:45.123Z"},"mitigatedDate":{"description":"Mitigated date for the risk","type":"string","format":"date-time","example":"2025-07-10T14:30:45.123Z"},"references":{"description":"References for the risk","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskReferenceInformation"}},"createdUTCDateTime":{"description":"created timestamp for the risk","type":"string","format":"date-time","example":"2025-07-10T14:30:45.123Z"},"lastModifiedUTCDateTime":{"description":"last updated timestamp for the risk","type":"string","format":"date-time","example":"2025-07-10T14:30:45.123Z"},"updatedBy":{"description":"Details of the user who last updated the risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"},"probabilityLevelId":{"description":"Probability Level Id of the risk","type":"integer","format":"int64","example":2},"impactLevelId":{"description":"Impact Level Id of the risk","type":"integer","format":"int64","example":2},"riskScore":{"description":"Risk score","type":"number","example":2},"levelId":{"description":"Level Id of the risk","type":"integer","format":"int64","example":2},"levelDisplayName":{"description":"Level Name of the risk","type":"string","example":"Low"},"viewOnly":{"type":"boolean"},"number":{"description":"Number of the risk, autogenerated","type":"integer","format":"int64","example":2},"controlsIdentifier":{"description":"List of Controls associated with the risk","type":"array","items":{"type":"string"},"example":["1.0.0","1.0"]},"creationType":{"description":"Creation Type of the risk","type":"string"},"categories":{"description":"Categories associated with the risk","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskCategoryInformation"}},"associatedInventories":{"description":"Inventories associated with the risk","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_InventoryInformation"}},"riskApprovers":{"description":"Name of the risk approver","type":"string","example":"John Doe","deprecated":true},"inherentRiskLevel":{"description":"Inherent Risk Level","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"targetRiskLevel":{"description":"Target Risk Level","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"treatment":{"description":"Treatment of the risk","type":"string","example":"Mitigation"},"result":{"description":"Result of the risk","type":"string","example":"Approved"},"treatmentStatus":{"description":"Treatment Status of the risk","type":"string","example":"In Progress"},"resultDetails":{"description":"Result Details of the risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"},"treatmentStatusDetails":{"description":"Treatment Status Details of the risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"},"workflow":{"description":"Details of the workflow for this risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetailTranslation"},"stage":{"description":"Details of the stage for this risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicStageDetailTranslation"},"deleteType":{"description":"Delete type of the risk","type":"string","example":"SOFT","enum":["SOFT","ARCHIVE","MIGRATED"]},"dateClosed":{"description":"Date closed for the risk","type":"string","format":"date-time","example":"2025-07-10T14:30:45.123Z"},"threat":{"description":"threat for the risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_ThreatInformation"},"vulnerabilities":{"description":"list of vulnerabilities for the risk","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_VulnerabilityInformation"}},"attributeValues":{"description":"Custom Attributes","type":"object","example":{"attributeSingleSelectValue.value1":[{"id":"0d2455f5-0a3d-463c-831a-671b620f5d8c","value":"1","valueKey":"Risk.Attributes.44cc7a47-fc22-4339-a4f9-8bba492eba7f"}],"attributeSingleSelectValue.value2":[],"attributeSingleSelectValue.value11":[],"attributeSingleSelectValue.value12":[],"attributeSingleSelectValue.value18":[]},"additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"}}},"typeRefId":{"description":"Type ref Id for the risk, deprecated in favour of typeRefIds","type":"string","format":"uuid","example":"92b48b97-c212-4b6c-9c47-2ebdc18da455","deprecated":true},"reminderDays":{"description":"Duration in days after which a reminder will be sent","type":"integer","format":"int64","example":4},"ruleRootVersionId":{"description":"Unique identifier for the rule root version","type":"string","format":"uuid","example":"5c91cf60-c6d1-4f7d-ba74-e4f1601b54fa"},"riskTemplate":{"description":"Risk Template details of the risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"},"owners":{"description":"Risk Owners details of the risk","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"}},"approvers":{"description":"Risk Approvers details of the risk","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"}},"name":{"description":"Name of the risk","type":"string","example":"Financial Risk","maxLength":300},"closed":{"description":"Indicates if the risk is closed","type":"boolean","example":true},"currentStageApproversCount":{"description":"The count of approvers of the current stage","type":"integer","format":"int64","example":1},"migrationStatus":{"description":"Migration status of the risk","type":"string","example":"IN_PROGRESS","enum":["PENDING","IN_PROGRESS","IN_COMPLETE","SUCCESS","FAILED"]},"ownersId":{"type":"array","items":{"type":"string","format":"uuid"}},"riskManager":{"description":"List of Risk Managers associated with the risk","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"}}}},"TechRiskCompliance-Risk_RiskLevelDetails":{"type":"object","properties":{"levelId":{"description":"Risk level identifier","type":"integer","format":"int64"},"level":{"description":"Risk level name","type":"string"},"impactLevelId":{"description":"Impact level identifier","type":"integer","format":"int64"},"impactLevel":{"description":"Impact level name","type":"string"},"probabilityLevelId":{"description":"Probability level identifier","type":"integer","format":"int64"},"probabilityLevel":{"description":"Probability level name","type":"string"},"riskScore":{"description":"Calculated risk score","type":"number"},"levelGuid":{"description":"Risk level unique identifier","type":"string","format":"uuid"},"levelKey":{"description":"Risk level key","type":"string"},"colorCode":{"description":"Risk level color code","type":"string"},"impactLevelGuid":{"description":"Impact level unique identifier","type":"string","format":"uuid"},"impactLevelKey":{"description":"Impact level key","type":"string"},"probabilityLevelGuid":{"description":"Probability level unique identifier","type":"string","format":"uuid"},"probabilityLevelKey":{"description":"Probability level key","type":"string"}}},"TechRiskCompliance-Risk_RiskReferenceInformation":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"type":{"type":"string","enum":["ASSESSMENT","INVENTORY","INCIDENT","ENGAGEMENT","GENERIC"],"deprecated":true},"referenceType":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_EntityTypeInformation"},"name":{"type":"string"},"additionalAttributes":{"type":"object","additionalProperties":{"type":"object"}}}},"TechRiskCompliance-Risk_RiskSourceInformation":{"type":"object","properties":{"id":{"description":"Source Entity Id","type":"string","format":"uuid","example":"d974c78a-c2f0-480a-aa27-4d40c44bb890"},"type":{"description":"Source Type for the risk","type":"string","example":"PIA","enum":["PIA","GRA","INVENTORY","INCIDENT","ENGAGEMENT","GENERIC"],"deprecated":true},"sourceType":{"description":"Source type information of the risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_EntityTypeInformation"},"name":{"description":"Source Entity Name","type":"string","example":"Raw Materials and Sales Inventory"},"additionalAttributes":{"description":"Additional information about the Source Entity. This will be a Map of String Key and Object value. 'inventoryType' key is mandatory to be passed when sourceType is 'Inventory', and it can have one of the following values, 20 - Assets, 30 - Processing Activities, 50 - Vendors, 60 - Entities","type":"object","additionalProperties":{"type":"object"}}},"required":["id","name"]},"TechRiskCompliance-Risk_ThreatInformation":{"type":"object","properties":{"id":{"description":"Threat Id","type":"string","format":"uuid","example":"a34ccec7-1ec0-4d65-9075-bdd0d923f1d1"},"name":{"description":"Threat Name","type":"string","example":"Malware"},"identifier":{"description":"Threat Identifier","type":"string","example":"THRT123456"}}},"TechRiskCompliance-Risk_VulnerabilityInformation":{"type":"object","properties":{"id":{"description":"Vulnerability Id","type":"string","format":"uuid","example":"a34ccec7-1ec0-4d65-9075-bdd0d923f1d1"},"name":{"description":"Vulnerability Name","type":"string","example":"Cross-Site Scripting (XSS)"},"identifier":{"description":"Vulnerability Identifier","type":"string","example":"VULN123456"}}},"TechRiskCompliance-Risk_RiskUpdateRequest":{"type":"object","properties":{"level":{"description":"risk level","type":"string","example":"MEDIUM","enum":["LOW","MEDIUM","HIGH","VERY_HIGH"],"deprecated":true},"description":{"description":"description","type":"string","example":"This is a test risk ","maxLength":4000,"minLength":0},"recommendation":{"description":"recommendation","type":"string","example":"Implement the required controls ","maxLength":4000,"minLength":0},"mitigation":{"description":"mitigation","type":"string","example":"Implement security controls to mitigate the risk"},"requestedException":{"description":"requested exception","type":"string","example":"Requesting exception due to business impact"},"riskOwnerId":{"description":"risk owner id","type":"string","format":"uuid","example":"1c412288-b9fa-4fd6-98be-467b2824d33a","deprecated":true},"riskOwner":{"description":"risk owner name","type":"string","example":"Maya Mohan","deprecated":true},"riskOwners":{"description":"list of risk owners","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"},"example":[{"id":"1c412288-b9fa-4fd6-98be-467b2824d33a","name":"Maya Mohan"}]},"orgGroupId":{"description":"organization group id","type":"string","format":"uuid","example":"b2dd4735-1347-4751-91c2-0b2d58174f9d"},"riskApproversId":{"description":"list of approver ids","type":"array","items":{"type":"string","format":"uuid"},"example":["1c412288-b9fa-4fd6-98be-467b2824d33a"]},"deadline":{"description":"deadline, format - YYYY-MM-DDTHH:MM:SS.FFFZ","type":"string","format":"date-time","example":"2021-04-13T04:00:00.000Z"},"reminderDays":{"description":"number of days before the deadline when the reminder will be sent","type":"integer","format":"int64","example":2},"action":{"description":"risk action","type":"string","example":"RECOMMENDATION_ADDED","enum":["RISK_CREATED","RECOMMENDATION_ADDED","RECOMMENDATION_REMOVED","RECOMMENDATION_SEND","REMEDIATION_PROPOSED","REMEDIATION_APPROVED","REMEDIATION_REJECTED","REMEDIATION_REMOVED","EXCEPTION_REQUESTED","EXCEPTION_GRANTED","EXCEPTION_REJECTED","EXCEPTION_REMOVED"]},"probabilityLevelId":{"description":"probability level id","type":"integer","format":"int64","example":3},"impactLevelId":{"description":"impact level id","type":"integer","format":"int64","example":1},"riskScore":{"description":"risk score","type":"number","example":4},"levelId":{"description":"risk level Id, replacement for level field","type":"integer","format":"int64","example":2},"categoryIds":{"description":"List of Category Ids","type":"array","items":{"type":"string","format":"uuid"},"example":["5d83f96b-ffb8-444e-b440-248a3103c663"]},"inherentRiskLevel":{"description":"Inherent risk level details","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"targetRiskLevel":{"description":"Target risk level details","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"treatment":{"description":"AKA remediation in current workflow","type":"string","example":"Implement security controls","maxLength":4000,"minLength":0},"threatId":{"description":"Threat id","type":"string","format":"uuid","example":"1e235192-9987-4bae-b553-a3e3ca19d020"},"vulnerabilityIds":{"description":"List of vulnerabilityIds","type":"array","items":{"type":"string","format":"uuid"},"example":["bedb4c52-eb7c-4633-8e4d-264fe57b79a1"]},"attributeValues":{"description":"Custom Attributes","type":"object","example":{"attributeSingleSelectValue.value1":[{"id":"0d2455f5-0a3d-463c-831a-671b620f5d8c","value":"1","valueKey":"Risk.Attributes.44cc7a47-fc22-4339-a4f9-8bba492eba7f"}],"attributeSingleSelectValue.value2":[],"attributeSingleSelectValue.value11":[],"attributeSingleSelectValue.value12":[],"attributeSingleSelectValue.value18":[]},"additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"}}},"name":{"description":"name","type":"string","example":"risk name for a test risk ","maxLength":300,"minLength":0},"result":{"description":"Result to set on Risk as part of approval ","type":"string","example":"Accepted","enum":["Accepted","Avoided","Reduced","Rejected","Transferred","Ignored"]},"treatmentStatus":{"description":"treatment status to set for Risk in Custom Workflows","type":"string","example":"InProgress","enum":["InProgress","UnderReview","ExceptionRequested","Approved","ExceptionGranted"]},"resultId":{"type":"string","format":"uuid"},"treatmentStatusId":{"type":"string","format":"uuid"},"inherentLevelId":{"type":"integer","format":"int64"},"riskManager":{"description":"list of manager ids","type":"array","items":{"type":"string","format":"uuid"},"uniqueItems":true}},"required":["result"]},"TechRiskCompliance-Risk_RiskSubmitRequest":{"type":"object","properties":{"comment":{"description":"Comment to Update","type":"string","example":"Submitting risk for approval","maxLength":4000,"minLength":0}}},"TechRiskCompliance-Risk_RiskSendBackRequest":{"type":"object","properties":{"comment":{"description":"Comment to Update","type":"string","example":"Send back for more information","maxLength":4000,"minLength":0}}},"TechRiskCompliance-Risk_RiskExceptionRequest":{"type":"object","properties":{"comment":{"description":"Comment to Update","type":"string","example":"Requesting exception for risk","maxLength":4000,"minLength":0}}},"TechRiskCompliance-Risk_RiskReopenRequest":{"type":"object","properties":{"comment":{"description":"Comment to Update","type":"string","maxLength":4000,"minLength":0},"workflow":{"description":"Workflow assigned to risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"},"stage":{"description":"Workflow stage assigned to Risk","$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"},"runStageRules":{"description":"Should run workflow stage rule for Risk?","type":"boolean"}}},"TechRiskCompliance-Risk_RiskOwnerUpdateRequest":{"type":"object","properties":{"riskOwners":{"description":"List of risk owners","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"},"example":[{"id":"1c412288-b9fa-4fd6-98be-467b2824d33a","name":"Maya Mohan"}]},"jsonAnyProperties":{"type":"object","additionalProperties":{"type":"object"}}}},"TechRiskCompliance-Risk_RiskGrantExceptionRequest":{"type":"object","properties":{"result":{"description":"Result to set on Risk as part of approval ","type":"string","enum":["Accepted","Avoided","Reduced","Rejected","Transferred","Ignored"]},"resultId":{"type":"string","format":"uuid"},"residualRiskLevelId":{"description":"Residual Risk Level Id","type":"integer","format":"int64"},"residualProbabilityLevelId":{"description":"Residual Probability Level Id","type":"integer","format":"int64"},"residualImpactLevelId":{"description":"Residual Impact Level Id","type":"integer","format":"int64"},"residualRiskScore":{"description":"Residual Risk Score","type":"number"},"comment":{"description":"Comment to Update","type":"string"},"attributeValues":{"description":"Supported Risk Score Attributes Values","type":"object","additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"}}}},"required":["result"]},"TechRiskCompliance-Risk_RiskApproverUpdateRequest":{"type":"object","properties":{"riskApprovers":{"description":"List of risk approvers","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"},"example":[{"id":"1c412288-b9fa-4fd6-98be-467b2824d33a","name":"Maya Mohan"}]},"jsonAnyProperties":{"type":"object","additionalProperties":{"type":"object"}}}},"TechRiskCompliance-Risk_RiskApproveRequest":{"type":"object","properties":{"result":{"description":"Result to set on Risk as part of approval ","type":"string","enum":["Accepted","Avoided","Reduced","Rejected","Transferred","Ignored"]},"resultId":{"description":"ID of the Risk","type":"string","format":"uuid","example":"a34ccec7-1ec0-4d65-9075-bdd0d923f1d1"},"residualRiskLevelId":{"description":"Residual Risk Level Id","type":"integer","format":"int64","example":2},"residualProbabilityLevelId":{"description":"Residual Probability Level Id","type":"integer","format":"int64","example":2},"residualImpactLevelId":{"description":"Residual Impact Level Id","type":"integer","format":"int64","example":2},"residualRiskScore":{"description":"Residual Risk Score","type":"number","example":2},"comment":{"description":"Comment to Update","type":"string","example":"This Risk was reviewed and Accepted","maxLength":4000,"minLength":0},"attributeValues":{"description":"Supported Risk Score Attributes Values","type":"object","example":{"attributeSingleSelectValue.value1":[{"id":"0d2455f5-0a3d-463c-831a-671b620f5d8c","value":"1","valueKey":"Risk.Attributes.44cc7a47-fc22-4339-a4f9-8bba492eba7f"}],"attributeSingleSelectValue.value2":[],"attributeSingleSelectValue.value11":[],"attributeSingleSelectValue.value12":[],"attributeSingleSelectValue.value18":[]},"additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"}}}},"required":["residualRiskLevelId","residualRiskScore","result"]},"TechRiskCompliance-Risk_RiskCreateRequest":{"type":"object","properties":{"type":{"description":"risk type","type":"string","example":"ASSETS"},"source":{"description":"source information","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskSourceInformation"},"associatedInventory":{"description":"associated inventory information","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskSourceInformation"},"description":{"description":"description","type":"string","example":"Ability to obtain sufficient liquidity for funding capacity","maxLength":4000,"minLength":0},"recommendation":{"description":"recommendation","type":"string","example":"Implement the required controls ","maxLength":4000,"minLength":0},"conditionGroupId":{"description":"condition Group Id for risk creation rule.","type":"integer","format":"int64"},"conditionGroupUuid":{"description":"condition Group uuid for risk creation rule.","type":"string","format":"uuid"},"riskOwnerId":{"description":"risk owner id","type":"string","format":"uuid","deprecated":true},"riskOwner":{"description":"risk owner name","type":"string","example":"John Doe","deprecated":true},"riskOwners":{"description":"list of risk owners","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"},"example":[{"id":"1c412288-b9fa-4fd6-98be-467b2824d33a","name":"Maya Mohan"}]},"orgGroupId":{"description":"organization group id","type":"string","format":"uuid","example":"b2dd4735-1347-4751-91c2-0b2d58174f9d"},"riskApproversId":{"description":"list of approver ids","type":"array","items":{"type":"string","format":"uuid"},"example":["1c412288-b9fa-4fd6-98be-467b2824d33a"]},"deadline":{"description":"deadline, format - YYYY-MM-DDTHH:MM:SS.FFFZ","type":"string","format":"date-time","example":"2021-04-13T04:00:00.000Z"},"reminderDays":{"description":"number of days before the deadline when the reminder will be sent","type":"integer","format":"int64","example":2},"probabilityLevelId":{"description":"probability level id","type":"integer","format":"int64","example":3},"probabilityLevel":{"description":"probability level name","type":"string","example":"High"},"impactLevelId":{"description":"impact level id","type":"integer","format":"int64","example":1},"impactLevel":{"description":"impact level name","type":"string","example":"Low"},"riskScore":{"description":"risk score","type":"number","example":4},"levelId":{"description":"risk level Id","type":"integer","format":"int64","example":2},"systemCreated":{"description":"system created flag","type":"boolean","example":false},"categoryIds":{"description":"risk categories' Ids","type":"array","items":{"type":"string","format":"uuid"},"example":["5d83f96b-ffb8-444e-b440-248a3103c663"]},"controlIds":{"description":"risk controls' Ids","type":"array","items":{"type":"string","format":"uuid"},"example":[]},"threatId":{"description":"risk threat' Id","type":"string","format":"uuid","example":"1e235192-9987-4bae-b553-a3e3ca19d020"},"vulnerabilityIds":{"description":"risk vulnerability' Ids","type":"array","items":{"type":"string","format":"uuid"},"example":["bedb4c52-eb7c-4633-8e4d-264fe57b79a1"]},"attributeValues":{"description":"Custom Attributes","type":"object","example":{"attributeSingleSelectValue.value1":[{"id":"0d2455f5-0a3d-463c-831a-671b620f5d8c","value":"1","valueKey":"Risk.Attributes.44cc7a47-fc22-4339-a4f9-8bba492eba7f"}],"attributeSingleSelectValue.value2":[],"attributeSingleSelectValue.value11":[],"attributeSingleSelectValue.value12":[],"attributeSingleSelectValue.value18":[]},"additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"}}},"ruleRootVersionId":{"description":"ruleRootVersion id","type":"string","format":"uuid","example":"e0d3df1f-97c4-413d-a214-10b56d50f4bc"},"riskTemplate":{"description":"risk template","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskTemplateIdentifier"},"targetRiskLevel":{"description":"target risk level","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"name":{"description":"name for the risk","type":"string","example":"risk name for a test risk ","maxLength":300,"minLength":0},"treatment":{"description":"AKA remediation in current workflow","type":"string","maxLength":4000,"minLength":0},"riskManager":{"description":"list of manager ids","type":"array","items":{"type":"string","format":"uuid"},"uniqueItems":true}},"required":["associatedInventory","orgGroupId","source","type"]},"TechRiskCompliance-Risk_RiskTemplateIdentifier":{"type":"object","properties":{"id":{"type":"string","format":"uuid"}}},"TechRiskCompliance-Risk_ControlCreateParameter":{"type":"object","properties":{"primaryEntityId":{"type":"string","format":"uuid"},"separateImplementationRequired":{"type":"boolean"}}},"TechRiskCompliance-Risk_ControlRequestDto":{"type":"object","properties":{"identifier":{"description":"The identifier of the control.","type":"string","example":"A.1.1","maxLength":50,"minLength":1},"name":{"description":"The name of the control.","type":"string","example":"Control ABC","maxLength":300,"minLength":1},"orgGroupId":{"description":"The identifier of the organization the master control is linked to. In general, this is top organization in the org hierarchy.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"description":{"description":"Description of the control.","type":"string","example":"Testing Control","maxLength":3000,"minLength":0},"recommendation":{"description":"The recommendation status of this control based on Athena logic.","type":"string","example":"Recommended","maxLength":500,"minLength":0},"frameworkId":{"description":"Identifier of the framework the control is tied to.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"frameworkName":{"description":"Name of the framework the control is tied to.","type":"string","example":"NIST","maxLength":500,"minLength":0},"frameworkNameKey":{"description":"Identifier used for translation of Framework Name.","type":"string","example":"framework.NIST","maxLength":500,"minLength":0},"status":{"description":"The new status of the control. This can be Active, Archived, or Pending.","type":"string","example":"Active","enum":["Active","Archived","Pending"]},"categoryId":{"description":"The identifier of the category tied to the control. Optional if no category is needed or if category name is provided.","type":"string","format":"uuid","example":"1a2b3c4e-5f6g-7h8i-9j0k-1l2m3n4o5p6q"},"categoryName":{"description":"The name of the category tied to the control. Optional if category Id is provided.","type":"string","example":"Access Control","maxLength":500,"minLength":0},"categoryNameKey":{"description":"Identifier used for translation of category name. Optional if category Id is provided.","type":"string","example":"category.AccessControl","maxLength":500,"minLength":0},"attributes":{"description":"Custom Attributes","type":"object","additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"}}},"implementationGuidance":{"description":"Implementation guidance of control.","type":"string","example":"Testing Control"}},"required":["identifier","name","orgGroupId"]},"TechRiskCompliance-Risk_RiskRequest":{"type":"object","properties":{"description":{"description":"description","type":"string","maxLength":4000,"minLength":0},"treatmentPlan":{"description":"treatment plan","type":"string","maxLength":4000,"minLength":0},"orgGroupId":{"description":"organization group id","type":"string","format":"uuid"},"riskApproversId":{"description":"list of approver ids","type":"array","items":{"type":"string","format":"uuid"}},"inherentRiskLevel":{"description":"inherent risk level","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"residualRiskLevel":{"description":"target risk level","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"categoryIds":{"description":"risk categories' Ids","type":"array","items":{"type":"string","format":"uuid"}},"threatId":{"description":"risk threat' Id","type":"string","format":"uuid"},"vulnerabilityIds":{"description":"risk vulnerability' Ids","type":"array","items":{"type":"string","format":"uuid"}},"attributeValues":{"description":"Custom Attributes","type":"object","additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"}}},"targetRiskLevel":{"description":"target risk level","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"deadline":{"description":"deadline, format - YYYY-MM-DDTHH:MM:SS.FFFZ","type":"string","format":"date-time"},"reminderDays":{"description":"number of days before the deadline when the reminder will be sent","type":"integer","format":"int64"},"riskOwners":{"description":"list of risk owners","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_BasicEntityDetail"}},"relatedEntities":{"description":"list of linked entities","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskSourceInformation"},"uniqueItems":true},"entityIdToControlIds":{"description":"Map of control and related entities","type":"object","additionalProperties":{"type":"array","items":{"type":"string","format":"uuid"},"uniqueItems":true}},"controlIds":{"description":"Set of Control Ids","type":"array","items":{"type":"string","format":"uuid"},"uniqueItems":true},"controlRequestDtos":{"description":"Ad Hoc control creation requests","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_ControlRequestDto"}},"controlIdToCreateParameter":{"description":"Map of controlId to create parameter","type":"object","additionalProperties":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_ControlCreateParameter"}},"riskTemplate":{"description":"risk template","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskTemplateIdentifier"},"name":{"description":"name","type":"string","maxLength":300,"minLength":0},"ignoreControlAutoInheritanceConfiguration":{"type":"boolean"},"treatment":{"description":"AKA remediation in current workflow","type":"string","maxLength":4000,"minLength":0},"riskManager":{"description":"list of manager ids","type":"array","items":{"type":"string","format":"uuid"},"uniqueItems":true}},"required":["orgGroupId"]},"TechRiskCompliance-Risk_RiskVulnerabilityAddRequest":{"type":"object","properties":{"vulnerabilityIdList":{"description":"List of unique identifiers of vulnerabilities to be added. If empty, all existing vulnerabilities will be removed from the risk.","type":"array","items":{"type":"string","format":"uuid","description":"List of unique identifiers of vulnerabilities to be added. If empty, all existing vulnerabilities will be removed from the risk."},"example":["123e4567-e89b-12d3-a456-426614174000","987fcdeb-51a2-43d7-9abc-123456789012"]}},"required":["vulnerabilityIdList"]},"TechRiskCompliance-Risk_RiskThreatAddRequest":{"type":"object","properties":{"threatId":{"description":"Unique identifier of the threat to be added. If null, any existing threat will be removed from the risk.","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"}}},"TechRiskCompliance-Risk_RiskControlImplementationsRequest":{"type":"object","properties":{"controlIds":{"type":"array","items":{"format":"uuid"},"uniqueItems":true},"status":{"description":"Status of the control implementation. Can be Pending, Implemented, or NotDoing. Defaults to Pending if not specified","type":"string","example":"Pending","default":"Pending","enum":["Pending","Implemented","NotDoing"]}},"example":{"controlIds":["a8d2f0c6-63e5-476b-b600-79a447251a2a","b9e3f1d7-74f6-587c-c711-8ab558362b3b"],"status":"Pending"},"required":["controlIds"]},"TechRiskCompliance-Risk_Page":{"type":"object","properties":{"totalElements":{"type":"integer","format":"int64"},"totalPages":{"type":"integer","format":"int32"},"size":{"type":"integer","format":"int32"},"content":{"items":{"type":"object"},"type":"array"},"number":{"type":"integer","format":"int32"},"sort":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_SortObject"},"first":{"type":"boolean"},"last":{"type":"boolean"},"numberOfElements":{"type":"integer","format":"int32"},"pageable":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_PageableObject"},"empty":{"type":"boolean"}}},"TechRiskCompliance-Risk_PageableObject":{"type":"object","properties":{"offset":{"type":"integer","format":"int64"},"sort":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_SortObject"},"pageNumber":{"type":"integer","format":"int32"},"pageSize":{"type":"integer","format":"int32"},"paged":{"type":"boolean"},"unpaged":{"type":"boolean"}}},"TechRiskCompliance-Risk_SortObject":{"type":"object","properties":{"empty":{"type":"boolean"},"sorted":{"type":"boolean"},"unsorted":{"type":"boolean"}}},"TechRiskCompliance-Risk_AttributePredicate":{"type":"object","properties":{"field":{"description":"The field name used to filter results.","type":"string"},"operator":{"description":"The relationship that must be met between the field and value.","type":"string","enum":["EQUAL_TO","NOT_EQUAL_TO","GREATER_THAN","GREATER_THAN_EQUAL_TO","LESS_THAN","LESS_THAN_EQUAL_TO","BETWEEN"]},"value":{"description":"The field value used to filter results. If filtering for a range of values, this would be the start of the range and should be used in conjunction with the `toValue` parameter. \nExamples by type: UUID = 'e68d49c4-f11f-4cd9-8f1b-0be8ef945b8f', LocalDate = '2023-01-01', OffsetDateTime = '2023-01-01T00:00:00Z', String = 'Closed', Number = 7","type":"object","oneOf":[{"type":"string","format":"uuid"},{"type":"string","format":"date"},{"type":"string","format":"date-time"},{"type":"string"},{"type":"number"}]},"toValue":{"description":"The field value for the end of the range. This field should be used in conjunction with the `value` parameter. \nExamples by type: LocalDate = '2023-01-01', OffsetDateTime = '2023-01-01T00:00:00Z', String = 'Closed', Number = 7","type":"object","oneOf":[{"type":"string","format":"date"},{"type":"string","format":"date-time"},{"type":"string"},{"type":"number"}]}},"required":["field"]},"TechRiskCompliance-Risk_RiskSearchRequest":{"type":"object","properties":{"filters":{"description":"Map of field names to their filter values for exact matching +This will be a Map of String Key and Object value. 'fieldname' key is mandatory to be passed, followed by value, example could be like name as some riskName","type":"object","additionalProperties":{"type":"object"}},"predicates":{"description":"Set of attribute predicates for complex search conditions","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributePredicate"},"uniqueItems":true},"fullTextSearch":{"description":"Full text search term to search across risk fields","type":"string","example":"security breach"},"visibleColumns":{"description":"List of column names to include in the response","type":"array","items":{"type":"string","description":"List of column names to include in the response","example":"[\"name\",\"state\",\"sourceType\"]"},"example":["name","state","sourceType"]},"includeHierarchicalChildInventoryRisks":{"description":"Include risks associated with inventory related as children in Inventory hierarchy","type":"boolean","example":false,"default":"false"}}},"TechRiskCompliance-Risk_Pageable":{"type":"object","properties":{"page":{"type":"integer","format":"int32","minimum":0},"size":{"type":"integer","format":"int32","minimum":1},"sort":{"type":"array","items":{"type":"string"}}}},"TechRiskCompliance-Risk_AdvanceStageActionInformation":{"type":"object","properties":{"id":{"description":"Advance Stage Action Identifier","type":"string","format":"uuid"},"actionType":{"description":"Advance Stage Action Type","type":"string","enum":["ATTRIBUTES, ATTACHMENT"]},"actionMetadata":{"description":"Advance Stage Action metadata","type":"object","additionalProperties":{"type":"object"}}},"required":["actionType","id"]},"TechRiskCompliance-Risk_StageExceptionInformation":{"type":"object","properties":{"stageExceptionApprovers":{"description":"Workflow Stage Exception Approvers","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_WorkflowStageApproverInformation"}},"exceptionGrantedTargetStageId":{"description":"Target stage for exception approval","type":"string","format":"uuid"},"workflowExceptionApprovalRequiredFromAll":{"description":"Is exception required from all approvers","type":"boolean"}}},"TechRiskCompliance-Risk_WorkflowStageApproverInformation":{"type":"object","properties":{"id":{"description":"Workflow Stage Approver Identifier","type":"string","format":"uuid"},"workFlowStageId":{"description":"Workflow Stage Id","type":"string","format":"uuid"},"approverType":{"description":"Workflow Stage Approver Type","type":"string","enum":["SYSTEM_USER, USER_ATTRIBUTE"]},"approverUserId":{"description":"Workflow Stage Approver User Id, User ID from Onetrust System","type":"string","format":"uuid"},"referenceApproverUserSourceId":{"description":"Reference identifier for approver' source. ie, fieldName from attribute Manager","type":"string"},"referenceApproverUserSourceOwner":{"description":"Reference Source Owner. ie, schemaname from attribute manager","type":"string"},"approverUserGroupId":{"description":"Workflow Stage Approver User Group Id, User Group ID from Onetrust System","type":"string","format":"uuid"},"approverCategory":{"description":"Field to indicate if the approver is for stage approval or exception","type":"string"},"customFields":{"description":"Custom fields","type":"object","additionalProperties":{"type":"object"}}},"required":["approverType","id","workFlowStageId"]},"TechRiskCompliance-Risk_WorkflowStageListInformation":{"type":"object","properties":{"id":{"description":"Workflow Stage Identifier","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"name":{"description":"Workflow Stage Name","type":"string","example":"Investigation"},"nameKey":{"description":"Workflow Stage Name Key for translation purposes","type":"string","example":"workflow.stage.investigation"},"description":{"description":"Workflow Stage Description","type":"string","example":"Investigation stage for incident workflow"},"descriptionKey":{"description":"Workflow Stage Description Key for translation purposes","type":"string","example":"workflow.stage.investigation.description"},"sequence":{"description":"Workflow Stage Sequence number","type":"integer","format":"int32","example":2,"minimum":1},"allowDeletion":{"description":"Indicates if Workflow Stage can be deleted","type":"boolean","example":true,"default":"false"},"badgeColor":{"description":"Workflow Stage Badge Color for UI purposes","type":"string","example":"blue"},"approvalStage":{"description":"Indicates if the stage is an approval stage","type":"boolean","example":true,"default":"false"},"exceptionStage":{"description":"Indicates if the stage is an exception approval stage","type":"boolean","example":false,"default":"false"},"autoAdvanceOnApproval":{"description":"Can Workflow Stage Auto-Advance on Approval?","type":"boolean","example":true,"default":"false"},"customFields":{"description":"Custom fields","type":"object","example":{"priority":"high","category":"security"},"additionalProperties":{"type":"object"}},"stageApprovers":{"description":"Workflow Stage Approvers","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_WorkflowStageApproverInformation"}},"additionalFields":{"description":"Additional fields associated with Workflow Stage","type":"object","example":{"notificationEnabled":true},"additionalProperties":{"type":"object"}},"advanceStageActionEnabled":{"description":"Does Workflow Stage has advance stage action enabled?","type":"boolean","example":true,"default":"false"},"advanceStageActions":{"description":"Workflow Stage Advance Actions","type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AdvanceStageActionInformation"}},"stageExceptionConfiguration":{"description":"Workflow Stage Exception details","$ref":"#/components/schemas/TechRiskCompliance-Risk_StageExceptionInformation"}},"example":{"id":"123e4567-e89b-12d3-a456-426614174000","name":"Investigation","nameKey":"workflow.stage.investigation","description":"Investigation stage for incident workflow","descriptionKey":"workflow.stage.investigation.description","sequence":2,"allowDeletion":true,"badgeColor":"blue","approvalStage":true,"exceptionStage":false,"autoAdvanceOnApproval":true,"customFields":{"priority":"high","category":"security"},"stageApprovers":[{"id":"abc-123","name":"Security Approver"}],"additionalFields":{"notificationEnabled":true},"advanceStageActionEnabled":true,"advanceStageActions":[{"id":"def-456","name":"Approve"}],"stageExceptionConfiguration":{"enabled":true,"approverCount":2}},"required":["id","name","sequence"]},"TechRiskCompliance-Risk_WorkflowStageNavigationInstructionInformation":{"type":"object","properties":{"nextStageId":{"description":"Next stage ID - Only required if the navigation direction is Specific","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"direction":{"description":"Navigation direction","type":"string","example":"Next","enum":["First","Next","Previous","Last","Specific"]},"parameters":{"description":"Additional parameters for workflow navigation customization","additionalProperties":{"type":"object"},"example":{"skipValidation":true,"forceTransition":false,"notifyUsers":true},"type":"object"},"comment":{"description":"Comment describing the stage change","type":"string","example":"Moving to investigation stage due to new evidence","maxLength":4000,"minLength":0}},"example":{"nextStageId":"123e4567-e89b-12d3-a456-426614174000","direction":"Specific","parameters":{"forceTransition":false,"notifyUsers":true,"reason":"Security incident triage complete","skipValidation":true,"urgency":"high"},"comment":"Moving to investigation stage due to new evidence found during initial triage"},"required":["direction"]},"TechRiskCompliance-Risk_RiskLinkRequest":{"type":"object","properties":{"riskIds":{"description":"List of risk Ids that will be linked to or unlinked from the target entity. Must contain at least one valid risk ID","type":"array","items":{"type":"string","format":"uuid","description":"List of risk Ids that will be linked to or unlinked from the target entity. Must contain at least one valid risk ID"},"format":"uuid","example":["123e4567-e89b-12d3-a456-426614174001","987fcdeb-51a2-43d7-9abc-123456789013"],"maxItems":2147483647,"minItems":1},"riskSourceInformation":{"description":"source information","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskSourceInformation"},"origin":{"description":"origin of the risk","type":"string","example":"RISK","enum":["ASSESSMENT","RISK"]}},"required":["riskIds","riskSourceInformation"]},"TechRiskCompliance-Risk_RiskPatchRequest":{"type":"object","properties":{"description":{"description":"description","type":"string","example":"This is a test risk "},"recommendation":{"description":"recommendation","type":"string","example":"Implement the required controls "},"deadline":{"description":"deadline, format - YYYY-MM-DDTHH:MM:SS.FFFZ","type":"string","format":"date-time","example":"2021-04-13T04:00:00.000Z"},"reminderDays":{"description":"number of days before the deadline when the reminder will be sent","type":"integer","format":"int64","example":2},"probabilityLevelId":{"description":"probability level id","type":"integer","format":"int64","example":3},"impactLevelId":{"description":"impact level id","type":"integer","format":"int64","example":1},"riskScore":{"description":"risk score","type":"number","example":4},"levelId":{"description":"risk level Id, replacement for level field","type":"integer","format":"int64","example":2},"categoryIds":{"description":"List of Category Ids","type":"array","items":{"type":"string","format":"uuid"},"example":["5d83f96b-ffb8-444e-b440-248a3103c663"]},"inherentRiskLevel":{"description":"Inherent risk level details","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"targetRiskLevel":{"description":"Target risk level details","$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDetails"},"treatment":{"description":"AKA remediation in current workflow","type":"string","example":"Implement security controls"},"threatId":{"description":"Threat id","type":"string","format":"uuid","example":"1e235192-9987-4bae-b553-a3e3ca19d020"},"vulnerabilityIds":{"description":"List of vulnerabilityIds","type":"array","items":{"type":"string","format":"uuid"},"example":["bedb4c52-eb7c-4633-8e4d-264fe57b79a1"]},"orgGroupId":{"description":"organization group id","type":"string","format":"uuid","example":"b2dd4735-1347-4751-91c2-0b2d58174f9d"},"attributeValues":{"description":"Custom Attributes","type":"object","example":{"attributeSingleSelectValue.value1":[{"id":"0d2455f5-0a3d-463c-831a-671b620f5d8c","value":"1","valueKey":"Risk.Attributes.44cc7a47-fc22-4339-a4f9-8bba492eba7f"}],"attributeSingleSelectValue.value2":[],"attributeSingleSelectValue.value11":[],"attributeSingleSelectValue.value12":[],"attributeSingleSelectValue.value18":[]},"additionalProperties":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_AttributeValueInformation"}}},"name":{"description":"name","type":"string","example":"risk name for a test risk ","maxLength":300,"minLength":0},"treatmentStatus":{"description":"treatment status to set for Risk in Custom Workflows","type":"string","example":"InProgress","enum":["InProgress","UnderReview","ExceptionRequested","Approved","ExceptionGranted"]},"treatmentStatusId":{"type":"string","format":"uuid"},"result":{"description":"Result to set on Risk as part of approval ","type":"string","example":"Accepted","enum":["Accepted","Avoided","Reduced","Rejected","Transferred","Ignored"]},"resultId":{"description":"result Id","type":"string","format":"uuid","example":"edrf4735-1347-re51-65c2-0b2d58174f90"},"inherentLevelId":{"type":"integer","format":"int64"},"riskManager":{"description":"list of manager ids","type":"array","items":{"type":"string","format":"uuid"},"uniqueItems":true}}},"TechRiskCompliance-Risk_RiskLevelDto":{"type":"object","properties":{"id":{"type":"integer","format":"int64"},"name":{"type":"string"},"displayName":{"type":"string"},"score":{"type":"integer","format":"int64"},"minScore":{"type":"number"},"maxScore":{"type":"number"}}},"TechRiskCompliance-Risk_StandardRiskScoreSettingDto":{"type":"object","properties":{"riskLevels":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDto"}}}},"TechRiskCompliance-Risk_ImpactLevelDto":{"type":"object","properties":{"id":{"type":"integer","format":"int64"},"name":{"type":"string"},"value":{"type":"integer","format":"int64"},"position":{"type":"integer","format":"int64"}}},"TechRiskCompliance-Risk_MatrixRiskScoreDto":{"type":"object","properties":{"impactLevelId":{"type":"integer","format":"int64"},"impactPosition":{"type":"integer","format":"int64"},"probabilityId":{"type":"integer","format":"int64"},"probabilityPosition":{"type":"integer","format":"int64"},"riskScore":{"type":"number"}}},"TechRiskCompliance-Risk_MatrixRiskScoreSettingDto":{"type":"object","properties":{"probabilityLevels":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_ProbabilityLevelDto"},"maxItems":10,"minItems":2},"impactLevels":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_ImpactLevelDto"},"maxItems":10,"minItems":2},"riskLevelRange":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_RiskLevelDto"},"maxItems":5,"minItems":4},"matrixRiskScores":{"type":"array","items":{"$ref":"#/components/schemas/TechRiskCompliance-Risk_MatrixRiskScoreDto"}},"updatedEntities":{"type":"array","items":{"type":"string","enum":["PIA","ASSETS","PROCESSING_ACTIVITIES","VENDORS","ENTITIES","ENGAGEMENTS"]},"uniqueItems":true}},"required":["matrixRiskScores"]},"TechRiskCompliance-Risk_ProbabilityLevelDto":{"type":"object","properties":{"id":{"type":"integer","format":"int64"},"name":{"type":"string"},"value":{"type":"integer","format":"int64"},"position":{"type":"integer","format":"int64"}}},"TechRiskCompliance-Risk_CategoryInformation":{"type":"object","properties":{"id":{"description":"Unique identifier of the category","type":"string","format":"uuid","example":"123e4567-e89b-12d3-a456-426614174000"},"name":{"description":"Name of the category","type":"string","example":"Security"},"nameKey":{"description":"Localization key for the category name","type":"string","example":"RiskCategory.Security"},"seeded":{"description":"Indicates if this is a seeded (pre-defined) category","type":"boolean","example":true},"archived":{"description":"Indicates if the category is archived","type":"boolean","example":false},"description":{"description":"Detailed description of the category","type":"string","example":"Security related risks and controls"},"descriptionKey":{"description":"Localization key for the category description","type":"string","example":"RiskCategory.Security.Description"}}}},"securitySchemes":{"TechRiskCompliance-ITRiskManagement_OAUTH2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://{hostname}/api/access/v1/oauth/token","scopes":{"CONTROL":"Access to Control Implementation operations for external systems","ITRM":"Access to ITRM operations for external systems"}}}},"TechRiskCompliance-RiskTemplate_OAUTH2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://{hostname}/api/access/v1/oauth/token","scopes":{"INTEGRATION":"Integration Scope","RISK":"Risk Scope","RISK_READ":"Risk read scope"}}}},"TechRiskCompliance-Risk_OAUTH2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://{hostname}/api/access/v1/oauth/token","scopes":{"RISK":"Risk Scope","RISK_READ":"Risk read scope","INTEGRATION":"Integration scope"}}}}}},"x-readme":{"explorer-enabled":false,"proxy-enabled":false,"metrics-enabled":false},"x-onetrust":{"spec-label":"OpenAPI 3.1.0"}}