Class DefinedComponent


  • @MetaschemaAssembly(formalName="Component",
                        description="A defined component that can be part of an implemented system.",
                        name="defined-component",
                        metaschema=OscalComponentDefinitionMetaschema.class,
                        remarks="Components may be products, services, APIs, policies, processes, plans, guidance, standards, or other tangible items that enable security and/or privacy.\n\nThe `type` indicates which of these component types is represented.\n\nA group of components may be aggregated into a `capability`. For example, an account management capability that consists of an account management process, and a Lightweight Directory Access Protocol (LDAP) software implementation.\n\nCapabilities are expressed by combining one or more components.")
    @ValueConstraints(allowedValues={@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\')]/@name",values={@AllowedValue(value="version",description="The version of the component."),@AllowedValue(value="patch-level",description="The specific patch level of the component."),@AllowedValue(value="model",description="The model of the component."),@AllowedValue(value="release-date",description="The date the component was released, such as a software release date or policy publication date."),@AllowedValue(value="validation-type",description="Used with component-type=\'validation\' to provide a well-known name for a kind of validation."),@AllowedValue(value="validation-reference",description="Used with component-type=\'validation\' to indicate the validating body\'s assigned identifier for their validation of this component."),@AllowedValue(value="asset-type",description="Simple indication of the asset\'s function, such as Router, Storage Array, DNS Server."),@AllowedValue(value="asset-id",description="An organizationally specific identifier that is used to uniquely identify a logical or tangible item by the organization that owns the item."),@AllowedValue(value="asset-tag",description="An asset tag assigned by the organization responsible for maintaining the logical or tangible item."),@AllowedValue(value="public",description="Identifies whether the asset is publicly accessible (yes/no)"),@AllowedValue(value="virtual",description="Identifies whether the asset is virtualized (yes/no)"),@AllowedValue(value="vlan-id",description="Virtual LAN identifier of the asset."),@AllowedValue(value="network-id",description="The network identifier of the asset."),@AllowedValue(value="label",description="A human-readable label for the parent context."),@AllowedValue(value="sort-id",description="An alternative identifier, whose value is easily sortable among other such values in the 
document."),@AllowedValue(value="baseline-configuration-name",description="The name of the baseline configuration for the asset."),@AllowedValue(value="allows-authenticated-scan",description="Can the asset be check with an authenticated scan? (yes/no)"),@AllowedValue(value="function",description="The function provided by the asset for the system.")}),@AllowedValues(level=ERROR,target="link/@rel",allowOthers=true,values={@AllowedValue(value="depends-on",description="A reference to another component that this component has a dependency on."),@AllowedValue(value="validation",description="A reference to another component of component-type=validation, that is a validation (e.g., FIPS 140-2) for this component"),@AllowedValue(value="proof-of-compliance",description="A pointer to a validation record (e.g., FIPS 140-2) or other compliance information."),@AllowedValue(value="baseline-template",description="A reference to the baseline template used to configure the asset."),@AllowedValue(value="uses-service",description="This service is used by the referenced component identifier."),@AllowedValue(value="system-security-plan",description="A link to the system security plan of the external system."),@AllowedValue(value="uses-network",description="This component uses the network provided by the identified network component.")}),@AllowedValues(level=ERROR,target="responsible-role/@role-id|control-implementation/implemented-requirement/responsible-role/@role-id|control-implementation/implemented-requirement/statement/responsible-role/@role-id",allowOthers=true,values={@AllowedValue(value="asset-owner",description="Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."),@AllowedValue(value="asset-administrator",description="Responsible for administering a set of assets."),@AllowedValue(value="security-operations",description="Members of the security operations center 
(SOC)."),@AllowedValue(value="network-operations",description="Members of the network operations center (NOC)."),@AllowedValue(value="incident-response",description="Responsible for responding to an event that could lead to loss of, or disruption to, an organization\'s operations, services or functions."),@AllowedValue(value="help-desk",description="Responsible for providing information and support to users."),@AllowedValue(value="configuration-management",description="Responsible for the configuration management processes governing changes to the asset."),@AllowedValue(value="maintainer",description="Responsible for the creation and maintenance of a component."),@AllowedValue(value="provider",description="Organization responsible for providing the component, if this is different from the \"maintainer\" (e.g., a reseller).")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'asset-type\']/@value",allowOthers=true,values={@AllowedValue(value="operating-system",description="System software that manages computer hardware, software resources, and provides common services for computer programs."),@AllowedValue(value="database",description="An electronic collection of data, or information, that is specially organized for rapid search and retrieval."),@AllowedValue(value="web-server",description="A system that delivers content or services to end users over the Internet or an intranet."),@AllowedValue(value="dns-server",description="A system that resolves domain names to internet protocol (IP) addresses."),@AllowedValue(value="email-server",description="A computer system that sends and receives electronic mail messages."),@AllowedValue(value="directory-server",description="A system that stores, organizes and provides access to directory information in order to unify network resources."),@AllowedValue(value="pbx",description="A private branch exchange (PBX) provides a a private telephone 
switchboard."),@AllowedValue(value="firewall",description="A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules."),@AllowedValue(value="router",description="A physical or virtual networking device that forwards data packets between computer networks."),@AllowedValue(value="switch",description="A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device."),@AllowedValue(value="storage-array",description="A consolidated, block-level data storage capability."),@AllowedValue(value="appliance",description="A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'allows-authenticated-scan\']/@value",values={@AllowedValue(value="yes",description="The component allows an authenticated scan."),@AllowedValue(value="no",description="The component does not allow an authenticated scan.")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'virtual\']/@value",values={@AllowedValue(value="yes",description="The component is virtualized."),@AllowedValue(value="no",description="The component is not virtualized.")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'public\']/@value",values={@AllowedValue(value="yes",description="The component is publicly accessible."),@AllowedValue(value="no",description="The component is not publicly accessible.")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'implementation-point\']/@value",values={@AllowedValue(value="internal",description="The component is implemented within the system 
boundary."),@AllowedValue(value="external",description="The component is implemented outside the system boundary.")}),@AllowedValues(level=ERROR,target="(.)[@type=\'software\']/prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\')]/@name",values=@AllowedValue(value="software-identifier",description="If a \"software\" component-type, the identifier, such as a SWID tag, for the software component.")),@AllowedValues(level=ERROR,target="(.)[@type=\'service\']/link/@rel",allowOthers=true,values={@AllowedValue(value="provided-by",description="This service is provided by the referenced component identifier."),@AllowedValue(value="used-by",description="This service is used by the referenced component identifier.")})},indexHasKey=@IndexHasKey(level=ERROR,target="prop[@name=\'physical-location\']",indexName="index-metadata-location-uuid",keyFields=@KeyField(target="@value")),matches={@Matches(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'inherited-uuid\']/@value",typeAdapter=gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter.class),@Matches(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'release-date\']/@value",typeAdapter=gov.nist.secauto.metaschema.model.common.datatype.adapter.DateAdapter.class)},expect=@Expect(level=ERROR,test="not(exists((.)[not(@type=\'service\')]/protocol))"))
    @AssemblyConstraints(isUnique=@IsUnique(id="unique-defined-component-responsible-role",level=ERROR,target="responsible-role",keyFields=@KeyField(target="@role-id"),remarks="Since `responsible-role` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once."))
    public class DefinedComponent
    extends Object
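    A defined component that can be part of an implemented system. The constraint annotations on this class, all declared at level ERROR, restrict the OSCAL-namespace property names and several property values (for example, `public`, `virtual` and `allows-authenticated-scan` must be `yes` or `no`), require `release-date` and `inherited-uuid` values to match the date and UUID type adapters, permit `protocol` only on components whose `type` is `service`, and require each `responsible-role` to use a distinct `role-id`.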