Package gov.nist.secauto.oscal.lib.model

Class Characterization.Facet

  • Enclosing class:
    Characterization
    @MetaschemaAssembly(formalName="Facet",
                    description="An individual characteristic that is part of a larger set produced by the same actor.",
                    name="facet",
                    metaschema=OscalAssessmentCommonMetaschema.class)
@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\')]/@name",values=@AllowedValue(value="state",description="Indicates if the facet is \'initial\' as first identified, or \'adjusted\' indicating that the value has be changed after some adjustments have been made (e.g., to identify residual risk).")) @AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'state\']/@value",values={@AllowedValue(value="initial",description="As first identified."),@AllowedValue(value="adjusted",description="Indicates that residual risk remains after some adjustments have been made.")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://csrc.nist.gov/ns/oscal\']/@name",values={@AllowedValue(value="likelihood",description="General likelihood rating."),@AllowedValue(value="impact",description="General impact rating."),@AllowedValue(value="risk",description="General risk rating."),@AllowedValue(value="severity",description="General severity rating.")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://fedramp.gov\',\'http://fedramp.gov/ns/oscal\')]/@name",values={@AllowedValue(value="likelihood",description="Likelihood as defined by FedRAMP. The `class` can be used to specify \'initial\' and \'adjusted\' risk states."),@AllowedValue(value="impact",description="Impact as defined by FedRAMP. The `class` can be used to specify \'initial\' and \'adjusted\' risk states."),@AllowedValue(value="risk",description="Risk as calculated according to FedRAMP. The `class` can be used to specify \'initial\' and \'adjusted\' risk states.")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://cve.mitre.org\']/@name",values=@AllowedValue(value="cve-id",description="An identifier managed by the CVE program (see https://cve.mitre.org/).")) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\']/@name",values={@AllowedValue(value="access-vector",description="Base: Access Vector"),@AllowedValue(value="access-complexity",description="Base: Access Complexity"),@AllowedValue(value="authentication",description="Base: Authentication"),@AllowedValue(value="confidentiality-impact",description="Base: Confidentiality Impact"),@AllowedValue(value="integrity-impact",description="Base: Integrity Impact"),@AllowedValue(value="availability-impact",description="Base: Availability Impact"),@AllowedValue(value="exploitability",description="Temporal: Exploitability"),@AllowedValue(value="remediation-level",description="Temporal: Remediation Level"),@AllowedValue(value="report-confidence",description="Temporal: Report Confidence"),@AllowedValue(value="collateral-damage-potential",description="Environmental: Collateral Damage Potential"),@AllowedValue(value="target-distribution",description="Environmental: Target Distribution"),@AllowedValue(value="confidentiality-requirement",description="Environmental: Confidentiality Requirement"),@AllowedValue(value="integrity-requirement",description="Environmental: Integrity Requirement"),@AllowedValue(value="availability-requirement",description="Environmental: Availability Requirement")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\' and @name=\'access-vector\']/@value",values={@AllowedValue(value="local",description="Local"),@AllowedValue(value="adjacent-network",description="Network Adjacent"),@AllowedValue(value="network",description="Network")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\' and @name=\'access-complexity\']/@value",values={@AllowedValue(value="high",description="High"),@AllowedValue(value="medium",description="Medium"),@AllowedValue(value="low",description="Low")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\' and @name=\'authentication\']/@value",values={@AllowedValue(value="multiple",description="Multiple"),@AllowedValue(value="single",description="Single"),@AllowedValue(value="none",description="None")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\' and @name=(\'confidentiality-impact\', \'integrity-impact\', \'availability-impact\')]/@value",values={@AllowedValue(value="none",description="None"),@AllowedValue(value="partial",description="Partial"),@AllowedValue(value="complete",description="Complete")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\' and @name=\'exploitability\']/@value",values={@AllowedValue(value="unproven",description="Unproven"),@AllowedValue(value="proof-of-concept",description="Proof-of-Concept"),@AllowedValue(value="functional",description="Functional"),@AllowedValue(value="high",description="High"),@AllowedValue(value="not-defined",description="Not Defined")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\' and @name=\'remediation-level\']/@value",values={@AllowedValue(value="official-fix",description="Official Fix"),@AllowedValue(value="temporary-fix",description="Temporary Fix"),@AllowedValue(value="workaround",description="Workaround"),@AllowedValue(value="unavailable",description="Unavailable"),@AllowedValue(value="not-defined",description="Not Defined")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\' and @name=\'report-confidence\']/@value",values={@AllowedValue(value="unconfirmed",description="Unconfirmed"),@AllowedValue(value="uncorroborated",description="Uncorroborated"),@AllowedValue(value="confirmed",description="Confirmed"),@AllowedValue(value="not-defined",description="Not Defined")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\' and @name=\'collateral-damage-potential\']/@value",values={@AllowedValue(value="none",description="None"),@AllowedValue(value="low",description="Low (light loss)"),@AllowedValue(value="low-medium",description="Low Medium"),@AllowedValue(value="medium-high",description="Medium High"),@AllowedValue(value="high",description="High (catastrophic loss)"),@AllowedValue(value="not-defined",description="Not Defined")}) @AllowedValues(level=ERROR,target="(.)[@system=\'http://www.first.org/cvss/v2.0\' and @name=(\'target-distribution\', \'confidentiality-requirement\', \'integrity-requirement\', \'availability-requirement\')]/@value",values={@AllowedValue(value="none",description=""),@AllowedValue(value="low",description=""),@AllowedValue(value="medium",description=""),@AllowedValue(value="high",description=""),@AllowedValue(value="not-defined",description="")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\')]/@name",values={@AllowedValue(value="attack-vector",description="Base: Attack Vector"),@AllowedValue(value="access-complexity",description="Base: Attack Complexity"),@AllowedValue(value="privileges-required",description="Base: Privileges Required"),@AllowedValue(value="user-interaction",description="Base: User Interaction"),@AllowedValue(value="scope",description="Base: Scope"),@AllowedValue(value="confidentiality-impact",description="Base: Confidentiality Impact"),@AllowedValue(value="integrity-impact",description="Base: Integrity Impact"),@AllowedValue(value="availability-impact",description="Base: Availability Impact"),@AllowedValue(value="exploit-code-maturity",description="Temporal: Exploit Code Maturity"),@AllowedValue(value="remediation-level",description="Temporal: Remediation Level"),@AllowedValue(value="report-confidence",description="Temporal: Report Confidence"),@AllowedValue(value="modified-attack-vector",description="Environmental: Modified Attack Vector"),@AllowedValue(value="modified-attack-complexity",description="Environmental: Modified Attack Complexity"),@AllowedValue(value="modified-privileges-required",description="Environmental: Modified Privileges Required"),@AllowedValue(value="modified-user-interaction",description="Environmental: Modified User Interaction"),@AllowedValue(value="modified-scope",description="Environmental: Modified Scope"),@AllowedValue(value="modified-confidentiality",description="Environmental: Modified Confidentiality"),@AllowedValue(value="modified-integrity",description="Environmental: Modified Integrity"),@AllowedValue(value="modified-availability",description="Environmental: Modified Availability"),@AllowedValue(value="confidentiality-requirement",description="Environmental: Confidentiality Requirement Modifier"),@AllowedValue(value="integrity-requirement",description="Environmental: Integrity Requirement Modifier"),@AllowedValue(value="availability-requirement",description="Environmental: Availability Requirement Modifier")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'access-vector\']/@value",values={@AllowedValue(value="network",description="Network"),@AllowedValue(value="adjacent",description="Adjacent"),@AllowedValue(value="local",description="Local"),@AllowedValue(value="physical",description="Physical")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'access-complexity\']/@value",values={@AllowedValue(value="high",description="High"),@AllowedValue(value="low",description="Low")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=(\'privileges-required\', \'confidentiality-impact\', \'integrity-impact\', \'availability-impact\')]/@value",values={@AllowedValue(value="none",description="None"),@AllowedValue(value="low",description="Low"),@AllowedValue(value="high",description="High")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'user-interaction\']/@value",values={@AllowedValue(value="none",description="None"),@AllowedValue(value="required",description="Required")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'scope\']/@value",values={@AllowedValue(value="unchanged",description="Unchanged"),@AllowedValue(value="changed",description="Changed")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'exploit-code-maturity\']/@value",values={@AllowedValue(value="not-defined",description="Not Defined"),@AllowedValue(value="unproven",description="Unproven"),@AllowedValue(value="proof-of-concept",description="Proof-of-Concept"),@AllowedValue(value="functional",description="Functional"),@AllowedValue(value="high",description="High")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'remediation-level\']/@value",values={@AllowedValue(value="not-defined",description="Not Defined"),@AllowedValue(value="official-fix",description="Official Fix"),@AllowedValue(value="temporary-fix",description="Temporary Fix"),@AllowedValue(value="workaround",description="Workaround"),@AllowedValue(value="unavailable",description="Unavailable")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'report-confidence\']/@value",values={@AllowedValue(value="not-defined",description="Not Defined"),@AllowedValue(value="unknown",description="Unknown"),@AllowedValue(value="reasonable",description="Reasonable"),@AllowedValue(value="confirmed",description="Confirmed")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=(\'confidentiality-requirement\', \'integrity-requirement\', \'availability-requirement\')]/@value",values={@AllowedValue(value="not-defined",description="Not Defined"),@AllowedValue(value="low",description="Low"),@AllowedValue(value="medium",description="Medium"),@AllowedValue(value="high",description="High")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'modified-attack-vector\']/@value",values={@AllowedValue(value="not-defined",description="Not Defined"),@AllowedValue(value="network",description="Network"),@AllowedValue(value="adjacent",description="Adjacent"),@AllowedValue(value="local",description="Local"),@AllowedValue(value="physical",description="Physical")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'modified-attack-complexity\']/@value",values={@AllowedValue(value="not-defined",description="Not Defined"),@AllowedValue(value="high",description="High"),@AllowedValue(value="low",description="Low")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=(\'modified-privileges-required\', \'modified-confidentiality\', \'modified-integrity\', \'modified-availability\')]/@value",values={@AllowedValue(value="not-defined",description="Not Defined"),@AllowedValue(value="none",description="None"),@AllowedValue(value="low",description="Low"),@AllowedValue(value="high",description="High")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'modified-user-interaction\']/@value",values={@AllowedValue(value="not-defined",description="Not Defined"),@AllowedValue(value="none",description="None"),@AllowedValue(value="required",description="Required")}) @AllowedValues(level=ERROR,target="(.)[@system=(\'http://www.first.org/cvss/v3.0\', \'http://www.first.org/cvss/v3.1\') and @name=\'modified-scope\']/@value",values={@AllowedValue(value="not-defined",description="Not Defined"),@AllowedValue(value="unchanged",description="Unchanged"),@AllowedValue(value="changed",description="Changed")})
public static class Characterization.Facet
extends Object
    An individual characteristic that is part of a larger set produced by the same actor.

    • Constructor Detail

    • Method Detail

      • addProp

        public boolean addProp​(Property item)
        Add a new Property item to the underlying collection.
        Parameters:
        item - the item to add
        Returns:
        true

      • removeProp

        public boolean removeProp​(Property item)
        Remove the first matching Property item from the underlying collection.
        Parameters:
        item - the item to remove
        Returns:
        true if the item was removed or false otherwise

      • addLink

        public boolean addLink​(Link item)
        Add a new Link item to the underlying collection.
        Parameters:
        item - the item to add
        Returns:
        true

      • removeLink

        public boolean removeLink​(Link item)
        Remove the first matching Link item from the underlying collection.
        Parameters:
        item - the item to remove
        Returns:
        true if the item was removed or false otherwise

      • getRemarks

        public gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline getRemarks()

      • setRemarks

        public void setRemarks​(gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline value)