emasser 3.4.1 → 3.12.0

data/lib/emasser/help/controls_put_mapper.md

@@ -1,74 +1,74 @@
-Endpoint request parameters/fields
-
-Field                   Data Type  Details
--------------------------------------------------------------------------------------------------
-systemId                 Integer   [Required] Unique eMASS identifier. Will need to provide correct number.
-acronym                  String    [Required] Required to match the NIST SP 800-53 Revision 4.
-responsibleEntities      String    [Required] Include written description of Responsible Entities that are responsible for the Security Control. 
-controlDesignation       String    [Required] Values include the following: (Common, System-Specific, Hybrid)
-estimatedCompletionDate  Date      [Required] Field is required for Implementation Plan
-implementationNarrative  String    [Required] Includes Security Control comments.
-
-implementationStatus    String     [Optional] Values include the following: (Planned, Implemented, Inherited, Not Applicable, Manually Inherited)
-severity                String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-vulnerabilitySummary    String     [Optional] Include vulnerability summary. Character Limit = 2,000.
-recommendations         String     [Optional] Include recommendations. Character Limit = 2,000.
-relevanceOfThreat       String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-likelihood              String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-impact                  String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-impactDescription       String     [Optional] Include description of Security Control's impact.
-residualRiskLevel       String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-testMethod              String     [Optional] Values include the following: ('Test', 'Interview', 'Examine', 'Test, Interview',
-                                              'Test, Examine', 'Interview, Examine', 'Test, Interview, Examine')
-
-commonControlProvider   String     [Conditional] Values include the following: (DoD, Component, Enclave)
-naJustification         String     [Conditional] Provide justification for Security Controls deemed Not Applicable to the system.
-slcmCriticality         String     [Conditional] Criticality of Security Control regarding SLCM. Character Limit = 2,000
-slcmFrequency           String     [Conditional] Values include the following: (Constantly, Daily, Weekly, Monthly, Quarterly,
-                                                 Semi-Annually, Annually, Every,Two Years, Every Three Years, Undetermined)
-slcmMethod              String     [Conditional] Values include the following: (Automated, Semi-Automated, Manual, Undetermined)
-slcmReporting           String     [Conditional] Method for reporting Security Controls for SLCM. Character Limit = 2,000
-slcmTracking            String     [Conditional] How Non-Compliant Security Controls will be tracked for SLCM. Character Limit = 2,000
-slcmComments            String     [Conditional] Additional comments for Security Control regarding SLCM. Character Limit = 4,000
-
-name                     String    [Read-Only] Name of control as defined in NIST SP 800-53 Revision 4.
-ccis                     String    [Read-Only] Comma separated list of CCIs associated with the control.
-isInherited              Boolean   [Read-Only] Indicates whether a control is inherited.
-modifiedByOverlays       String    [Read-Only] List of overlays that affect the control.
-includedStatus           String    [Read-Only] Indicates the manner by which a control was included in the system's categorization. 
-complianceStatus         String    [Read-Only] Compliance status of the control.
-
-
-Business Rules
-
-The following fields are required based on the value of the `implementationStatus` field
-  |Value                   |Required Fields
-  |------------------------|--------------------------------------------------------
-  |Planned or Implemented  |controlDesignation, estimatedCompletionDate, responsibleEntities, slcmCriticality, slcmFrequency, slcmMethod, slcmMethod, slcmTracking, slcmComments
-  |Not Applicable          |naJustification, controlDesignation, responsibleEntities
-  |Manually Inherited      |controlDesignation, estimatedCompletionDate, responsibleEntities, slcmCriticality, slcmFrequency, slcmMethod, slcmMethod, slcmTracking, slcmComments
-
-Implementation Plan cannot be updated if a Security Control is "Inherited" except for the following fields:
-    - Common Control Provider (commonControlProvider)
-    - Security Control Designation (controlDesignation)
-  
-The following parameters/fields have the following character limitations:
-- Implementation Plan information cannot be saved if the fields below exceed 2,000 character limits:
-  - N/A Justification        (naJustification)
-  - Responsible Entities     (responsibleEntities) 
-  - Implementation Narrative (implementationNarrative)
-  - Criticality              (slcmCriticality)
-  - Reporting                (slcmReporting)
-  - Tracking                 (slcmTracking)
-  - Vulnerability Summary    (vulnerabilitySummary)
-  - Recommendations          (recommendations)
-- Implementation Plan information cannot be saved if the fields below exceed 4,000 character limits:
-  - SLCM Comments            (slcmComments)
-
-Implementation Plan information cannot be updated if Security Control does not exist in the system record.
-
-Example:
-
-bundle exec exe/emasser put controls update --systemId [value] --acronym [value] --responsibleEntities [value] --controlDesignation [value] --estimatedCompletionDate [value] --implementationNarrative [value]
-
-Note: The example is only showing the required fields. Refer to instructions listed above for conditional and optional fields requirements.
+Endpoint request parameters/fields
+
+Field                   Data Type  Details
+-------------------------------------------------------------------------------------------------
+systemId                 Integer   [Required] Unique eMASS identifier. Will need to provide correct number.
+acronym                  String    [Required] Required to match the NIST SP 800-53 Revision 4.
+responsibleEntities      String    [Required] Include written description of Responsible Entities that are responsible for the Security Control. 
+controlDesignation       String    [Required] Values include the following: (Common, System-Specific, Hybrid)
+estimatedCompletionDate  Date      [Required] Field is required for Implementation Plan
+implementationNarrative  String    [Required] Includes Security Control comments.
+
+implementationStatus    String     [Optional] Values include the following: (Planned, Implemented, Inherited, Not Applicable, Manually Inherited)
+severity                String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+vulnerabilitySummary    String     [Optional] Include vulnerability summary. Character Limit = 2,000.
+recommendations         String     [Optional] Include recommendations. Character Limit = 2,000.
+relevanceOfThreat       String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+likelihood              String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+impact                  String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+impactDescription       String     [Optional] Include description of Security Control's impact.
+residualRiskLevel       String     [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+testMethod              String     [Optional] Values include the following: ('Test', 'Interview', 'Examine', 'Test, Interview',
+                                              'Test, Examine', 'Interview, Examine', 'Test, Interview, Examine')
+
+commonControlProvider   String     [Conditional] Values include the following: (DoD, Component, Enclave)
+naJustification         String     [Conditional] Provide justification for Security Controls deemed Not Applicable to the system.
+slcmCriticality         String     [Conditional] Criticality of Security Control regarding SLCM. Character Limit = 2,000
+slcmFrequency           String     [Conditional] Values include the following: (Constantly, Daily, Weekly, Monthly, Quarterly,
+                                                 Semi-Annually, Annually, Every,Two Years, Every Three Years, Undetermined)
+slcmMethod              String     [Conditional] Values include the following: (Automated, Semi-Automated, Manual, Undetermined)
+slcmReporting           String     [Conditional] Method for reporting Security Controls for SLCM. Character Limit = 2,000
+slcmTracking            String     [Conditional] How Non-Compliant Security Controls will be tracked for SLCM. Character Limit = 2,000
+slcmComments            String     [Conditional] Additional comments for Security Control regarding SLCM. Character Limit = 4,000
+
+name                     String    [Read-Only] Name of control as defined in NIST SP 800-53 Revision 4.
+ccis                     String    [Read-Only] Comma separated list of CCIs associated with the control.
+isInherited              Boolean   [Read-Only] Indicates whether a control is inherited.
+modifiedByOverlays       String    [Read-Only] List of overlays that affect the control.
+includedStatus           String    [Read-Only] Indicates the manner by which a control was included in the system's categorization. 
+complianceStatus         String    [Read-Only] Compliance status of the control.
+
+
+Business Rules
+
+The following fields are required based on the value of the `implementationStatus` field
+  |Value                   |Required Fields
+  |------------------------|--------------------------------------------------------
+  |Planned or Implemented  |controlDesignation, estimatedCompletionDate, responsibleEntities, slcmCriticality, slcmFrequency, slcmMethod, slcmMethod, slcmTracking, slcmComments
+  |Not Applicable          |naJustification, controlDesignation, responsibleEntities
+  |Manually Inherited      |controlDesignation, estimatedCompletionDate, responsibleEntities, slcmCriticality, slcmFrequency, slcmMethod, slcmMethod, slcmTracking, slcmComments
+
+Implementation Plan cannot be updated if a Security Control is "Inherited" except for the following fields:
+    - Common Control Provider (commonControlProvider)
+    - Security Control Designation (controlDesignation)
+  
+The following parameters/fields have the following character limitations:
+- Implementation Plan information cannot be saved if the fields below exceed 2,000 character limits:
+  - N/A Justification        (naJustification)
+  - Responsible Entities     (responsibleEntities) 
+  - Implementation Narrative (implementationNarrative)
+  - Criticality              (slcmCriticality)
+  - Reporting                (slcmReporting)
+  - Tracking                 (slcmTracking)
+  - Vulnerability Summary    (vulnerabilitySummary)
+  - Recommendations          (recommendations)
+- Implementation Plan information cannot be saved if the fields below exceed 4,000 character limits:
+  - SLCM Comments            (slcmComments)
+
+Implementation Plan information cannot be updated if Security Control does not exist in the system record.
+
+Example:
+
+bundle exec exe/emasser put controls update --systemId [value] --acronym [value] --responsibleEntities [value] --controlDesignation [value] --estimatedCompletionDate [value] --implementationNarrative [value]
+
+Note: The example is only showing the required fields. Refer to instructions listed above for conditional and optional fields requirements.

data/lib/emasser/help/milestone_del_mapper.md

@@ -1,11 +1,11 @@
-Remove milestones in a system for one or many poa&m items
-
-To delete a milestone the record must be inactive by having the field isActive set to false (isActive=false).
-
-The server returns an empty object upon successfully deleting a milestone.
-
-The last milestone can not be deleted, at-least on must exist.
-
-Example:
-
-bundle exec exe/emasser delete milestones remove--systemId [value] --poamId [value] --milestoneId [value]
+Remove milestones in a system for one or many poa&m items
+
+To delete a milestone the record must be inactive by having the field isActive set to false (isActive=false).
+
+The server returns an empty object upon successfully deleting a milestone.
+
+The last milestone can not be deleted, at-least on must exist.
+
+Example:
+
+bundle exec exe/emasser delete milestones remove -s, --systemId [value] -p, --poamId [value] -m, --milestoneId [value]

data/lib/emasser/help/milestone_post_mapper.md

@@ -1,14 +1,14 @@
-Add milestones in a system for one or many poa&m items
-
-Endpoint request parameters/fields
-
-Field                   Data Type  Details
--------------------------------------------------------------------------------------------------
-systemId                Integer    [Required] Unique system identifier
-poamId                  Integer    [Required] Unique item identifier
-description             String     [Required] Provide a description of the milestone. 2000 Characters 
-scheduledCompletionDate Date       [Required] Schedule completion date - Unix date format
-
-Example:
-
-bundle exec exe/emasser put milestones add --systemId [value] --poamId [value] --description [value] --scheduledCompletionDate [value]
+Add milestones in a system for one or many poa&m items
+
+Endpoint request parameters/fields
+
+Field                   Data Type  Details
+-------------------------------------------------------------------------------------------------
+systemId                Integer    [Required] Unique system identifier
+poamId                  Integer    [Required] Unique item identifier
+description             String     [Required] Provide a description of the milestone. 2000 Characters 
+scheduledCompletionDate Date       [Required] Schedule completion date - Unix date format
+
+Example:
+
+bundle exec exe/emasser put milestones add --systemId [value] --poamId [value] --description [value] --scheduledCompletionDate [value]

data/lib/emasser/help/milestone_put_mapper.md

@@ -1,23 +1,23 @@
-Updates a milestones in a system for one or many poa&m items
-
-Endpoint request parameters/fields
-
-Field                   Data Type  Details
--------------------------------------------------------------------------------------------------
-systemId                Integer    [Required] Unique system identifier
-milestoneId             Integer    [Required] Unique milestone identifier
-poamId                  Integer    [Required] unique item identifier
-description             String     [Required] Provide a description of the milestone. 2000 Characters 
-scheduledCompletionDate Date       [Required] In Unix date format ü
-isActive                Boolean    [Optional] Set to false only in the case where POA&M PUT would delete
-                                              specified milestone. Not available for other requests
-
-
-Set the field "isActive" to false only in the case where POA&M PUT would delete specified milestone. Not available  for other requests
-
-If a field is misrepresented (wrong value)the following response may be provided by the server:
-Response body: {"meta":{"code":500,"errorMessage":"Sorry! Something went wrong on our end. Please contact emass_support@bah.com for assistance."}}
-
-Example:
-
-bundle exec exe/emasser put milestones update --systemId [value] --poamId [value] --milestoneId [value] --description [value] --scheduledCompletionDate [value]
+Updates a milestones in a system for one or many poa&m items
+
+Endpoint request parameters/fields
+
+Field                   Data Type  Details
+-------------------------------------------------------------------------------------------------
+systemId                Integer    [Required] Unique system identifier
+milestoneId             Integer    [Required] Unique milestone identifier
+poamId                  Integer    [Required] unique item identifier
+description             String     [Required] Provide a description of the milestone. 2000 Characters 
+scheduledCompletionDate Date       [Required] In Unix date format ü
+isActive                Boolean    [Optional] Set to false only in the case where POA&M PUT would delete
+                                              specified milestone. Not available for other requests
+
+
+Set the field "isActive" to false only in the case where POA&M PUT would delete specified milestone. Not available  for other requests
+
+If a field is misrepresented (wrong value)the following response may be provided by the server:
+Response body: {"meta":{"code":500,"errorMessage":"Sorry! Something went wrong on our end. Please contact emass_support@bah.com for assistance."}}
+
+Example:
+
+bundle exec exe/emasser put milestones update --systemId [value] --poamId [value] --milestoneId [value] --description [value] --scheduledCompletionDate [value]

data/lib/emasser/help/poam_del_mapper.md

@@ -1,5 +1,5 @@
-Remove one or many poa&m items in a system
-
-Example:
-
-bundle exec exe/emasser delete poams remove --systemId [value] --poamId [value]
+Remove one or many poa&m items in a system
+
+Example:
+
+bundle exec exe/emasser delete poams remove -s, --systemId [value] -p, --poamId [value]

data/lib/emasser/help/poam_post_mapper.md

@@ -1,93 +1,93 @@
-Endpoint request body parameters/fields
-
-Field                   Data Type  Details
--------------------------------------------------------------------------------------------------
-systemId                 Integer   [Required] Unique eMASS identifier. Will need to provide correct number.
-status                   String    [Required] Values include the following: (Ongoing,Risk Accepted,Completed,Not Applicable).
-vulnerabilityDescription String    [Required] Provide a description of the POA&M Item. 2000 Characters.
-sourceIdentVuln          String    [Required] Include Source Identifying Vulnerability text. 2000 Characters.
-pocOrganization          String    [Required] Organization/Office represented. 100 Characters.
-resources                String    [Required] List of resources used. 250 Characters.
-
-milestones               JSON      [Conditional] Please see Notes 1 for more details.
-pocFirstName             String    [Conditional] First name of POC. 100 Characters.
-pocLastName              String    [Conditional] Last name of POC. 100 Characters.
-pocEmail                 String    [Conditional] Email address of POC. 100 Characters.
-pocPhoneNumber           String    [Conditional] Phone number of POC (area code) ***-**** format. 100 Characters.
-severity                 String    [Conditional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-scheduledCompletionDate  Date      [Conditional] Required for ongoing and completed POA&M items. Unix time format.
-completionDate           Date      [Conditional] Field is required for completed POA&M items. Unix time format.
-comments                 String    [Conditional] Field is required for completed and risk accepted POA&M items. 2000 Characters.
-
-externalUid              String    [Optional] Unique identifier external to the eMASS application for use with associating POA&M Items. 100 Characters.
-controlAcronym           String    [Optional] Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined.
-cci                      String    [Optional] CCI associated with the test result.
-securityChecks           String    [Optional] Security Checks that are associated with the POA&M.
-rawSeverity              String    [Optional] Values include the following: (I, II, III)
-relevanceOfThreat        String    [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-likelihood               String    [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-impact                   String    [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-impactDescription        String    [Optional] Include description of Security Control’s impact.
-residualRiskLevel        String    [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
-recommendations          String    [Optional] Include recommendations. Character Limit 2,000.
-mitigation               String    [Optional] Include mitigation explanation. 2000 Characters.
-
-isInherited              String    [Read-Only] Indicates whether a POA&M Item is inherited.
-reviewStatus             string    [Read-Only] Values include the following options: (Not Approved, Under Review, Approved)
-extensionDate            Date      [Read-Only] Value returned for a POA&M Item with review status "Approved" and has a milestone
-                                               with a scheduled completion date that extends beyond the POA&M Item’s scheduled completion date.
-
-**If a milestone Id is provided the POA&M with the provided milestone Id is updated and the new POA&M milestones is set to null.**
-
-The following fields are required based on the contents of the "status" field
-  |status          |Required Fields
-  |----------------|--------------------------------------------------------
-  |Risk Accepted   |comments 
-  |Ongoing         |scheduledCompletionDate, milestones (at least 1)
-  |Completed       |scheduledCompletionDate, comments, completionDate, milestones (at least 1)
-  |Not Applicable  |POAM can not be created
-
-If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are required within the request.
-  - pocFirstName, pocLastName, pocPhoneNumber
-
-Business logic, the following rules apply when adding POA&Ms
-
-- POA&M Items cannot be saved if associated Security Control or AP is inherited.
-- POA&M Items cannot be created manually if a Security Control or AP is Not Applicable.
-- Completed POA&M Item cannot be saved if Completion Date is in the future.
-- Completed POA&M Item cannot be saved if Completion Date (completionDate) is in the future.
-- Risk Accepted POA&M Item cannot be saved with a Scheduled Completion Date or Milestones
-- POA&M Items with a review status of "Not Approved" cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item  Scheduled Completion Date.
-- POA&M Items with a review status of "Approved" can be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date.
-- POA&M Items that have a status of "Completed" and a status of "Ongoing" cannot be saved without Milestones.
-- POA&M Items that have a status of "Risk Accepted" cannot have milestones.
-- POA&M Items with a review status of "Approved" that have a status of "Completed" and "Ongoing" cannot update Scheduled Completion Date.
-- POA&M Items that have a review status of "Approved" are required to have a Severity Value assigned.
-- POA&M Items cannot be updated if they are included in an active package.
-- Archived POA&M Items cannot be updated.
-- POA&M Items with a status of "Not Applicable" will be updated through test result creation.
-- If the Security Control or Assessment Procedure does not exist in the system we may have to just import POA&M Item at the System Level.
-
-
-The following parameters/fields have the following character limitations:
-- POA&M Item cannot be saved if the Point of Contact fields exceed 100 characters:
-  - Office / Organization (pocOrganization)
-  - First Name            (pocFirstName)
-  - Last Name             (pocLastName)
-  - Email                 (email)
-  - Phone Number          (pocPhoneNumber)
-- POA&M Items cannot be saved if Mitigation field (mitigation) exceeds 2000 characters.
-- POA&M Items cannot be saved if Source Identifying Vulnerability field exceeds 2000 characters.
-- POA&M Items cannot be saved if Comments (comments) field exceeds 2000 characters 
-- POA&M Items cannot be saved if Resource (resource) field exceeds 250 characters.
-- POA&M Items cannot be saved if Milestone Description exceeds 2000 characters.
-
-Example:
-
-bundle exec exe/emasser post poams add --systemId [value] --status [value] --vulnerabilityDescription [value] --sourceIdentVuln [value] --pocOrganization [value] --resources [value]
-
-Notes:
-1 - The format for milestones is:
-    --milestone description:[value] scheduledCompletionDate:[value]
-2 - Based on the value for the status (--status) parameter there are other required fields
-3 - Refer to instructions listed above for conditional and optional fields requirements.
+Endpoint request body parameters/fields
+
+Field                   Data Type  Details
+-------------------------------------------------------------------------------------------------
+systemId                 Integer   [Required] Unique eMASS identifier. Will need to provide correct number.
+status                   String    [Required] Values include the following: (Ongoing,Risk Accepted,Completed,Not Applicable).
+vulnerabilityDescription String    [Required] Provide a description of the POA&M Item. 2000 Characters.
+sourceIdentVuln          String    [Required] Include Source Identifying Vulnerability text. 2000 Characters.
+pocOrganization          String    [Required] Organization/Office represented. 100 Characters.
+resources                String    [Required] List of resources used. 250 Characters.
+
+milestones               JSON      [Conditional] Please see Notes 1 for more details.
+pocFirstName             String    [Conditional] First name of POC. 100 Characters.
+pocLastName              String    [Conditional] Last name of POC. 100 Characters.
+pocEmail                 String    [Conditional] Email address of POC. 100 Characters.
+pocPhoneNumber           String    [Conditional] Phone number of POC (area code) ***-**** format. 100 Characters.
+severity                 String    [Conditional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+scheduledCompletionDate  Date      [Conditional] Required for ongoing and completed POA&M items. Unix time format.
+completionDate           Date      [Conditional] Field is required for completed POA&M items. Unix time format.
+comments                 String    [Conditional] Field is required for completed and risk accepted POA&M items. 2000 Characters.
+
+externalUid              String    [Optional] Unique identifier external to the eMASS application for use with associating POA&M Items. 100 Characters.
+controlAcronym           String    [Optional] Control acronym associated with the POA&M Item. NIST SP 800-53 Revision 4 defined.
+cci                      String    [Optional] CCI associated with the test result.
+securityChecks           String    [Optional] Security Checks that are associated with the POA&M.
+rawSeverity              String    [Optional] Values include the following: (I, II, III)
+relevanceOfThreat        String    [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+likelihood               String    [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+impact                   String    [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+impactDescription        String    [Optional] Include description of Security Control’s impact.
+residualRiskLevel        String    [Optional] Values include the following: (Very Low, Low, Moderate, High, Very High)
+recommendations          String    [Optional] Include recommendations. Character Limit 2,000.
+mitigation               String    [Optional] Include mitigation explanation. 2000 Characters.
+
+isInherited              String    [Read-Only] Indicates whether a POA&M Item is inherited.
+reviewStatus             string    [Read-Only] Values include the following options: (Not Approved, Under Review, Approved)
+extensionDate            Date      [Read-Only] Value returned for a POA&M Item with review status "Approved" and has a milestone
+                                               with a scheduled completion date that extends beyond the POA&M Item’s scheduled completion date.
+
+**If a milestone Id is provided the POA&M with the provided milestone Id is updated and the new POA&M milestones is set to null.**
+
+The following fields are required based on the contents of the "status" field
+  |status          |Required Fields
+  |----------------|--------------------------------------------------------
+  |Risk Accepted   |comments 
+  |Ongoing         |scheduledCompletionDate, milestones (at least 1)
+  |Completed       |scheduledCompletionDate, comments, completionDate, milestones (at least 1)
+  |Not Applicable  |POAM can not be created
+
+If a POC email is supplied, the application will attempt to locate a user already registered within the application and pre-populate any information not explicitly supplied in the request. If no such user is found, these fields are required within the request.
+  - pocFirstName, pocLastName, pocPhoneNumber
+
+Business logic, the following rules apply when adding POA&Ms
+
+- POA&M Items cannot be saved if associated Security Control or AP is inherited.
+- POA&M Items cannot be created manually if a Security Control or AP is Not Applicable.
+- Completed POA&M Item cannot be saved if Completion Date is in the future.
+- Completed POA&M Item cannot be saved if Completion Date (completionDate) is in the future.
+- Risk Accepted POA&M Item cannot be saved with a Scheduled Completion Date or Milestones
+- POA&M Items with a review status of "Not Approved" cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item  Scheduled Completion Date.
+- POA&M Items with a review status of "Approved" can be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date.
+- POA&M Items that have a status of "Completed" and a status of "Ongoing" cannot be saved without Milestones.
+- POA&M Items that have a status of "Risk Accepted" cannot have milestones.
+- POA&M Items with a review status of "Approved" that have a status of "Completed" and "Ongoing" cannot update Scheduled Completion Date.
+- POA&M Items that have a review status of "Approved" are required to have a Severity Value assigned.
+- POA&M Items cannot be updated if they are included in an active package.
+- Archived POA&M Items cannot be updated.
+- POA&M Items with a status of "Not Applicable" will be updated through test result creation.
+- If the Security Control or Assessment Procedure does not exist in the system we may have to just import POA&M Item at the System Level.
+
+
+The following parameters/fields have the following character limitations:
+- POA&M Item cannot be saved if the Point of Contact fields exceed 100 characters:
+  - Office / Organization (pocOrganization)
+  - First Name            (pocFirstName)
+  - Last Name             (pocLastName)
+  - Email                 (email)
+  - Phone Number          (pocPhoneNumber)
+- POA&M Items cannot be saved if Mitigation field (mitigation) exceeds 2000 characters.
+- POA&M Items cannot be saved if Source Identifying Vulnerability field exceeds 2000 characters.
+- POA&M Items cannot be saved if Comments (comments) field exceeds 2000 characters 
+- POA&M Items cannot be saved if Resource (resource) field exceeds 250 characters.
+- POA&M Items cannot be saved if Milestone Description exceeds 2000 characters.
+
+Example:
+
+bundle exec exe/emasser post poams add --systemId [value] --status [value] --vulnerabilityDescription [value] --sourceIdentVuln [value] --pocOrganization [value] --resources [value]
+
+Notes:
+1 - The format for milestones is:
+    --milestone description:[value] scheduledCompletionDate:[value]
+2 - Based on the value for the status (--status) parameter there are other required fields
+3 - Refer to instructions listed above for conditional and optional fields requirements.