Retorna todo o conteúdo de um questionário.
URL
{RMUrl}/api/risk/questionnaires/<QuestionnaireId>
MÉTODO DE SOLICITAÇÃO
GET
PARÂMETRO DA URL
QuestionnaireId: esse parâmetro é informado na URL.
EXEMPLOS DE SOLICITAÇÃO
Para acessar o questionário de ID "178":
{RMUrl}/api/risk/questionnaires/178
RESPOSTA DE SUCESSO
Lista dos controles do questionário e das respostas fornecidas para esses controles caso o questionário já tenha sido respondido ou parcialmente respondido.
RMQuestionnaire[].
O objeto RMQuestionnaire está no seguinte formato:
RMQuestionnaire
{
boolean AvailableforAnswer;
object Controls[];
}
Nota: o campo AvailableforAnswer retornará o valor "true" quando o questionário estiver em um estado válido para ser respondido; caso contrário, retornará o valor "false".
O objeto Controls é um array com a seguinte estrutura:
Controls
{
guid Id;
guid ControlID;
string Name;
string Justification;
string Recommendation;
string Source;
string Reference;
string Grouping;
object Threats[];
int Probability;
int Severity;
int Relevance;
string Comments;
string Evidence;
object Attachments[];
string Status;
int StatusCode;
}
EXEMPLO DE RESPOSTAS DE SUCESSO
[
{"Id":"7adce05b-1d91-4e89-a0f1-20d8f3ba0105",
"ControlID":"MOD_EN.00002161",
"Name":"Private encryption keys should be stored by the user in a safe place.",
"Justification":"The use of encryption requires the possession and storage of a private key by the user, either in his/her hard disk, or on a removable external device, a token for instance. If this key is accessed or falls in wrong hands, its use may compromise the confidentiality and integrity of systems and information. This risk can be even higher if the process of delivering the codes to generate the key is not secure. For these reasons, it is advisable that private encryption keys are protected by the user against undue access.",
"Recommendation":"This control can be implemented through the following procedures:\n\n1. Protect the private key's confidentiality that should be kept secret, since anyone with access to this key can use it to decrypt information, access systems with authentication by digital certificates etc.\n\nNote: In case of suspicion or compromising of the private key, the user should report the problem and request its use is immediately revoked.\n\nRelated controls: ID 16923.\n\nWarning! This control was designed for generic environments. Evaluate applicability and possible impact prior to implementation in an operational environment.",
"Source":"ISO/IEC 27002:2005 - Topic 12.3.2 - Key management.",
"Reference":"MSLab",
"Grouping":"Encryption",
"Threats":[
{"Id":"51e69335-01af-11e2-94b3-001ec91f4b0a","Name":"Unauthorized Logical Access"},
{"Id":"51e69337-01af-11e2-94b3-001ec91f4b0a","Name":"Fraud or Sabotage"},
{"Id":"51e69343-01af-11e2-94b3-001ec91f4b0a","Name":"Robbery"}
],
"Probability":5,
"Severity":5,
"Relevance":3,
"Comments":"Verificado através de análise manual",
"Attachments":[
{"Id":36,"FileName":"manual.pdf"},
{"Id":49,"FileName":"configuracoes.pdf"}
],
"Status":"Implemented",
"StatusCode":0
}
]