Package gov.nist.secauto.oscal.lib.model

Class ImplementedRequirement

  • @MetaschemaAssembly(formalName="Control-based Requirement",
                    description="Describes how the system satisfies the requirements of an individual control.",
                    name="implemented-requirement",
                    metaschema=OscalSspMetaschema.class,
                    remarks="Use of `set-parameter` in this context, sets the parameter for the referenced control. Any `set-parameter` defined in a child context will override this value. If not overridden by a child, this value applies in the child context.")
@ValueConstraints(allowedValues={@AllowedValues(level=ERROR,target="(.|statement|.//by-component)/prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\')]/@name",values=@AllowedValue(value="control-origination",description="Identifies the source of the implemented control. Any `control-origination` prop defined in a child context will override the parent value.")),@AllowedValues(level=ERROR,target="(.|statement|.//by-component)/prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'control-origination\']/@value",values={@AllowedValue(value="organization",description="The control is implemented by the organization owning the system, but is not specific to the system itself."),@AllowedValue(value="system-specific",description="The control is implemented specifically to this system."),@AllowedValue(value="customer-configured",description="The control is provided by the system, but must be configured by the customer."),@AllowedValue(value="customer-provided",description="The control must be implemented by the customer."),@AllowedValue(value="inherited",description="This control is inherited from an underlying system.")}),@AllowedValues(level=ERROR,target="responsible-role/@role-id",allowOthers=true,values={@AllowedValue(value="asset-owner",description="Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."),@AllowedValue(value="asset-administrator",description="Responsible for administering a set of assets."),@AllowedValue(value="security-operations",description="Members of the security operations center (SOC)."),@AllowedValue(value="network-operations",description="Members of the network operations center (NOC)."),@AllowedValue(value="incident-response",description="Responsible for responding to an event that could lead to loss of, or disruption to, an organization\'s operations, services or functions."),@AllowedValue(value="help-desk",description="Responsible for providing information and support to users."),@AllowedValue(value="configuration-management",description="Responsible for the configuration management processes governing changes to the asset.")})},indexHasKey={@IndexHasKey(level=ERROR,target="responsible-role|statement/responsible-role|.//by-component//responsible-role",indexName="index-metadata-role-id",keyFields=@KeyField(target="@role-id")),@IndexHasKey(level=ERROR,target="responsible-role|statement/responsible-role|.//by-component//responsible-role",indexName="index-metadata-party-uuid",keyFields=@KeyField(target="party-uuid"))})
@AssemblyConstraints(isUnique={@IsUnique(id="unique-ssp-implemented-requirement-set-parameter",level=ERROR,target="set-parameter",keyFields=@KeyField(target="@param-id"),remarks="Since multiple `set-parameter` entries can be provided, each parameter must be set only once."),@IsUnique(id="unique-ssp-implemented-requirement-responsible-role",level=ERROR,target="responsible-role",keyFields=@KeyField(target="@role-id"),remarks="Since `responsible-role` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once."),@IsUnique(id="unique-ssp-implemented-requirement-statement",level=ERROR,target="statement",keyFields=@KeyField(target="@statement-id"),remarks="Since `statement` entries can be referenced using the statement\'s statement-id, each statement must be referenced only once."),@IsUnique(id="unique-ssp-implemented-requirement-by-component",level=ERROR,target="by-component",keyFields=@KeyField(target="@component-uuid"),remarks="Since `by-component` can reference `component` entries using the component\'s uuid, each component must be referenced only once. This ensures that all implementation statements are contained in the same `by-component` entry.")},hasCardinality=@HasCardinality(level=ERROR,target=".//by-component",minOccurs=1))
public class ImplementedRequirement
extends Object
    Describes how the system satisfies the requirements of an individual control.