Returns all content of a questionnaire.
URL
{RMUrl}/api/risk/questionnaires/<QuestionnaireId>
REQUEST METHOD
GET
URL PARAMETER
QuestionnaireId: This parameter is provided in the URL.
REQUEST EXAMPLE
To access a questionnaire with an ID code of "178":
{RMUrl}/api/risk/questionnaires/178
SUCCESS RESPONSE
List of the controls in the questionnaire and of the answers provided to each, if the questionnaire was answered or partially answered.
RMQuestionnaire[].
The RMQuestionnaire object is in the following format:
RMQuestionnaire
{
boolean AvailableforAnswer;
object Controls[];
}
Note: The AvailableforAnswer field returns the value "true" when the questionnaire is available for answering. If not, it returns the value "false".
The Controls object is an array with the following members:
Controls
{
guid Id;
guid ControlID;
string Name;
string Justification;
string Recommendation;
string Source;
string Reference;
string Grouping;
object Threats[];
int Probability;
int Severity;
int Relevance;
string Comments;
string Evidence;
object Attachments[];
string Status;
int StatusCode;
}
SUCCESS RESPONSE EXAMPLE
[
{"Id":"7adce05b-1d91-4e89-a0f1-20d8f3ba0105",
"ControlID":"MOD_EN.00002161",
"Name":"Private encryption keys should be stored by the user in a safe place.",
"Justification":"The use of encryption requires the possession and storage of a private key by the user, either in his/her hard disk, or on a removable external device, a token for instance. If this key is accessed or falls in wrong hands, its use may compromise the confidentiality and integrity of systems and information. This risk can be even higher if the process of delivering the codes to generate the key is not secure. For these reasons, it is advisable that private encryption keys are protected by the user against undue access.",
"Recommendation":"This control can be implemented through the following procedures:\n\n1. Protect the private key's confidentiality that should be kept secret, since anyone with access to this key can use it to decrypt information, access systems with authentication by digital certificates etc.\n\nNote: In case of suspicion or compromising of the private key, the user should report the problem and request its use is immediately revoked.\n\nRelated controls: ID 16923.\n\nWarning! This control was designed for generic environments. Evaluate applicability and possible impact prior to implementation in an operational environment.",
"Source":"ISO/IEC 27002:2005 - Topic 12.3.2 - Key management.",
"Reference":"MSLab",
"Grouping":"Encryption",
"Threats":[
{"Id":"51e69335-01af-11e2-94b3-001ec91f4b0a","Name":"Unauthorized Logical Access"},
{"Id":"51e69337-01af-11e2-94b3-001ec91f4b0a","Name":"Fraud or Sabotage"},
{"Id":"51e69343-01af-11e2-94b3-001ec91f4b0a","Name":"Robbery"}
],
"Probability":5,
"Severity":5,
"Relevance":3,
"Comments":"Verified manually",
"Attachments":[
{"Id":36,"FileName":"manual.pdf"},
{"Id":49,"FileName":"configurations.pdf"}],
"Status":"Implemented"
"StatusCode":0
}
]