Package gov.nist.secauto.oscal.lib.model

Class SystemComponent

  • @MetaschemaAssembly(formalName="Component",
                    description="A defined component that can be part of an implemented system.",
                    name="system-component",
                    metaschema=OscalImplementationCommonMetaschema.class,
                    remarks="Components may be products, services, application programming interface (APIs), policies, processes, plans, guidance, standards, or other tangible items that enable security and/or privacy.\n\nThe `type` indicates which of these component types is represented.\n\nWhen defining a `service` component where are relationship to other components is known, one or more `link` entries with rel values of provided-by and used-by can be used to link to the specific component identifier(s) that provide and use the service respectively.")
@ValueConstraints(allowedValues={@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\')]/@name",values={@AllowedValue(value="implementation-point",description="Relative placement of component (\'internal\' or \'external\') to the system."),@AllowedValue(value="leveraged-authorization-uuid",description="UUID of the related leveraged-authorization assembly in this SSP."),@AllowedValue(value="inherited-uuid",description="UUID of the component as it was assigned in the leveraged system\'s SSP."),@AllowedValue(value="asset-type",description="Simple indication of the asset\'s function, such as Router, Storage Array, DNS Server."),@AllowedValue(value="asset-id",description="An organizationally specific identifier that is used to uniquely identify a logical or tangible item by the organization that owns the item."),@AllowedValue(value="asset-tag",description="An asset tag assigned by the organization responsible for maintaining the logical or tangible item."),@AllowedValue(value="public",description="Identifies whether the asset is publicly accessible (yes/no)"),@AllowedValue(value="virtual",description="Identifies whether the asset is virtualized (yes/no)"),@AllowedValue(value="vlan-id",description="Virtual LAN identifier of the asset."),@AllowedValue(value="network-id",description="The network identifier of the asset."),@AllowedValue(value="label",description="A human-readable label for the parent context."),@AllowedValue(value="sort-id",description="An alternative identifier, whose value is easily sortable among other such values in the document."),@AllowedValue(value="baseline-configuration-name",description="The name of the baseline configuration for the asset."),@AllowedValue(value="allows-authenticated-scan",description="Can the asset be check with an authenticated scan? (yes/no)"),@AllowedValue(value="function",description="The function provided by the asset for the system."),@AllowedValue(value="version",description="The version of the component."),@AllowedValue(value="patch-level",description="The specific patch level of the component."),@AllowedValue(value="model",description="The model of the component."),@AllowedValue(value="release-date",description="The date the component was released, such as a software release date or policy publication date."),@AllowedValue(value="validation-type",description="Used with component-type=\'validation\' to provide a well-known name for a kind of validation."),@AllowedValue(value="validation-reference",description="Used with component-type=\'validation\' to indicate the validating body\'s assigned identifier for their validation of this component.")}),@AllowedValues(level=ERROR,target="link/@rel",allowOthers=true,values={@AllowedValue(value="depends-on",description="A reference to another component that this component has a dependency on."),@AllowedValue(value="validation",description="A reference to another component of component-type=validation, that is a validation (e.g., FIPS 140-2) for this component"),@AllowedValue(value="proof-of-compliance",description="A pointer to a validation record (e.g., FIPS 140-2) or other compliance information."),@AllowedValue(value="baseline-template",description="A reference to the baseline template used to configure the asset."),@AllowedValue(value="uses-service",description="This service is used by the referenced component identifier."),@AllowedValue(value="system-security-plan",description="A link to the system security plan of the external system."),@AllowedValue(value="uses-network",description="This component uses the network provided by the identified network component."),@AllowedValue(value="imported-from",description="The hyperlink identifies a URI pointing to the `component` in a `component-definition` that originally defined the `component`.")}),@AllowedValues(level=ERROR,target="responsible-role/@role-id",allowOthers=true,values={@AllowedValue(value="asset-owner",description="Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."),@AllowedValue(value="asset-administrator",description="Responsible for administering a set of assets."),@AllowedValue(value="security-operations",description="Members of the security operations center (SOC)."),@AllowedValue(value="network-operations",description="Members of the network operations center (NOC)."),@AllowedValue(value="incident-response",description="Responsible for responding to an event that could lead to loss of, or disruption to, an organization\'s operations, services or functions."),@AllowedValue(value="help-desk",description="Responsible for providing information and support to users."),@AllowedValue(value="configuration-management",description="Responsible for the configuration management processes governing changes to the asset."),@AllowedValue(value="maintainer",description="Responsible for the creation and maintenance of a component."),@AllowedValue(value="provider",description="Organization responsible for providing the component, if this is different from the \"maintainer\" (e.g., a reseller).")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'asset-type\']/@value",allowOthers=true,values={@AllowedValue(value="operating-system",description="System software that manages computer hardware, software resources, and provides common services for computer programs."),@AllowedValue(value="database",description="An electronic collection of data, or information, that is specially organized for rapid search and retrieval."),@AllowedValue(value="web-server",description="A system that delivers content or services to end users over the Internet or an intranet."),@AllowedValue(value="dns-server",description="A system that resolves domain names to internet protocol (IP) addresses."),@AllowedValue(value="email-server",description="A computer system that sends and receives electronic mail messages."),@AllowedValue(value="directory-server",description="A system that stores, organizes and provides access to directory information in order to unify network resources."),@AllowedValue(value="pbx",description="A private branch exchange (PBX) provides a a private telephone switchboard."),@AllowedValue(value="firewall",description="A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules."),@AllowedValue(value="router",description="A physical or virtual networking device that forwards data packets between computer networks."),@AllowedValue(value="switch",description="A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device."),@AllowedValue(value="storage-array",description="A consolidated, block-level data storage capability."),@AllowedValue(value="appliance",description="A physical or virtual machine that centralizes hardware, software, or services for a specific purpose.")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'allows-authenticated-scan\']/@value",values={@AllowedValue(value="yes",description="The component allows an authenticated scan."),@AllowedValue(value="no",description="The component does not allow an authenticated scan.")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'public\']/@value",values={@AllowedValue(value="yes",description="The component is publicly accessible."),@AllowedValue(value="no",description="The component is not publicly accessible.")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'virtual\']/@value",values={@AllowedValue(value="yes",description="The component is virtualized."),@AllowedValue(value="no",description="The component is not virtualized.")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'implementation-point\']/@value",values={@AllowedValue(value="internal",description="The component is implemented within the system boundary."),@AllowedValue(value="external",description="The component is implemented outside the system boundary.")}),@AllowedValues(level=ERROR,target="(.)[@type=(\'software\', \'hardware\', \'service\')]/prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\')]/@name",values=@AllowedValue(value="vendor-name",description="The name of the company or organization")),@AllowedValues(level=ERROR,target="(.)[@type=\'validation\']/link/@rel",allowOthers=true,values=@AllowedValue(value="validation-details",description="A link to an online information provided by the authorizing body.")),@AllowedValues(level=ERROR,target="(.)[@type=\'software\']/prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\')]/@name",values=@AllowedValue(value="software-identifier",description="If a \"software\" component-type, the identifier, such as a SWID tag, for the software component.")),@AllowedValues(level=ERROR,target="(.)[@type=\'service\']/link/@rel",allowOthers=true,values={@AllowedValue(value="provided-by",description="This service is provided by the referenced component identifier."),@AllowedValue(value="used-by",description="This service is used by the referenced component identifier.")}),@AllowedValues(level=ERROR,target="(.)[@type=\'interconnection\']/prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\')]/@name",values={@AllowedValue(value="isa-title",description="Title of the Interconnection Security Agreement (ISA)."),@AllowedValue(value="isa-date",description="Date of the Interconnection Security Agreement (ISA)."),@AllowedValue(value="isa-remote-system-name",description="The name of the remote interconnected system."),@AllowedValue(value="ipv4-address",description="An Internet Protocol Version 4 interconnection address"),@AllowedValue(value="ipv6-address",description="An Internet Protocol Version 6 interconnection address"),@AllowedValue(value="direction",description="An Internet Protocol Version 6 interconnection address")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=(\'ipv4-address\',\'ipv6-address\')]/@class",values={@AllowedValue(value="local",description="The identified IP address is for this system."),@AllowedValue(value="remote",description="The identified IP address is for the remote system to which this system is connected.")}),@AllowedValues(level=ERROR,target="(.)[@type=\'interconnection\']/link/@rel",allowOthers=true,values=@AllowedValue(value="isa-agreement",description="A link to the system interconnection agreement.")),@AllowedValues(level=ERROR,target="(.)[@type=\'interconnection\']/responsible-role/@role-id",allowOthers=true,values={@AllowedValue(value="isa-poc-local",description="Interconnection Security Agreement (ISA) point of contact (POC) for this system."),@AllowedValue(value="isa-poc-remote",description="Interconnection Security Agreement (ISA) point of contact (POC) for the remote interconnected system."),@AllowedValue(value="isa-authorizing-official-local",description="Interconnection Security Agreement (ISA) authorizing official for this system."),@AllowedValue(value="isa-authorizing-official-remote",description="Interconnection Security Agreement (ISA) authorizing official for the remote interconnected system.")}),@AllowedValues(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'direction\']/@value",values={@AllowedValue(value="incoming",description="Data from the remote system flows into this system."),@AllowedValue(value="outgoing",description="Data from this system flows to the remote system.")})},indexHasKey=@IndexHasKey(level=ERROR,target="prop[@name=\'physical-location\']",indexName="index-metadata-location-uuid",keyFields=@KeyField(target="@value")),matches={@Matches(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'inherited-uuid\']/@value",typeAdapter=gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter.class),@Matches(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'release-date\']/@value",typeAdapter=gov.nist.secauto.metaschema.model.common.datatype.adapter.DateAdapter.class),@Matches(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'isa-date\']/@value",typeAdapter=gov.nist.secauto.metaschema.model.common.datatype.adapter.DateTimeAdapter.class),@Matches(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'ipv4-address\']/@value",typeAdapter=gov.nist.secauto.metaschema.model.common.datatype.adapter.IPv4AddressAdapter.class),@Matches(level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'ipv6-address\']/@value",typeAdapter=gov.nist.secauto.metaschema.model.common.datatype.adapter.IPv6AddressAdapter.class)},expect=@Expect(level=ERROR,test="not(exists((.)[not(@type=\'service\')]/protocol))"))
@AssemblyConstraints(isUnique=@IsUnique(id="unique-system-component-responsible-role",level=ERROR,target="responsible-role",keyFields=@KeyField(target="@role-id"),remarks="Since `responsible-role` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once."))
public class SystemComponent
extends Object
    A defined component that can be part of an implemented system.