Source code

001package gov.nist.secauto.oscal.lib.model;
002
003import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
004import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
005import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
006import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
007import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
008import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
009import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
010import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
011import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
012import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
013import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
014import java.lang.Override;
015import java.lang.String;
016import java.util.LinkedList;
017import java.util.List;
018import java.util.UUID;
019import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
020import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
021
022/**
023 * Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.
024 */
025@MetaschemaAssembly(
026    formalName = "Security Assessment Results (SAR)",
027    description = "Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.",
028    name = "assessment-results",
029    metaschema = OscalArMetaschema.class,
030    rootName = "assessment-results"
031)
032public class AssessmentResults {
033  @BoundFlag(
034      formalName = "Assessment Results Universally Unique Identifier",
035      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this assessment results instance in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ar-identifiers). The locally defined *UUID* of the `assessment result` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
036      useName = "uuid",
037      required = true,
038      typeAdapter = UuidAdapter.class
039  )
040  private UUID _uuid;
041
042  @BoundAssembly(
043      formalName = "Document Metadata",
044      description = "Provides information about the containing document, and defines concepts that are shared across the document.",
045      useName = "metadata",
046      minOccurs = 1
047  )
048  private Metadata _metadata;
049
050  @BoundAssembly(
051      formalName = "Import Assessment Plan",
052      description = "Used by assessment-results to import information about the original plan for assessing the system.",
053      useName = "import-ap",
054      minOccurs = 1,
055      remarks = "Used by the SAR to import information about the original plan for assessing the system."
056  )
057  private ImportAp _importAp;
058
059  /**
060   * "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP."
061   */
062  @BoundAssembly(
063      formalName = "Local Definitions",
064      description = "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.",
065      useName = "local-definitions"
066  )
067  private LocalDefinitions _localDefinitions;
068
069  @BoundAssembly(
070      formalName = "Assessment Result",
071      description = "Used by the assessment results and POA\\&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA\\&M, this identifies initial and residual risks, deviations, and disposition.",
072      useName = "result",
073      minOccurs = 1,
074      maxOccurs = -1
075  )
076  @GroupAs(
077      name = "results",
078      inJson = JsonGroupAsBehavior.LIST
079  )
080  private List<Result> _results;
081
082  @BoundAssembly(
083      formalName = "Back matter",
084      description = "A collection of resources that may be referenced from within the OSCAL document instance.",
085      useName = "back-matter"
086  )
087  private BackMatter _backMatter;
088
089  public AssessmentResults() {
090  }
091
092  public UUID getUuid() {
093    return _uuid;
094  }
095
096  public void setUuid(UUID value) {
097    _uuid = value;
098  }
099
100  public Metadata getMetadata() {
101    return _metadata;
102  }
103
104  public void setMetadata(Metadata value) {
105    _metadata = value;
106  }
107
108  public ImportAp getImportAp() {
109    return _importAp;
110  }
111
112  public void setImportAp(ImportAp value) {
113    _importAp = value;
114  }
115
116  public LocalDefinitions getLocalDefinitions() {
117    return _localDefinitions;
118  }
119
120  public void setLocalDefinitions(LocalDefinitions value) {
121    _localDefinitions = value;
122  }
123
124  public List<Result> getResults() {
125    return _results;
126  }
127
128  public void setResults(List<Result> value) {
129    _results = value;
130  }
131
132  /**
133   * Add a new {@link Result} item to the underlying collection.
134   * @param item the item to add
135   * @return {@code true}
136   */
137  public boolean addResult(Result item) {
138    Result value = ObjectUtils.requireNonNull(item,"item cannot be null");
139    if (_results == null) {
140      _results = new LinkedList<>();
141    }
142    return _results.add(value);
143  }
144
145  /**
146   * Remove the first matching {@link Result} item from the underlying collection.
147   * @param item the item to remove
148   * @return {@code true} if the item was removed or {@code false} otherwise
149   */
150  public boolean removeResult(Result item) {
151    Result value = ObjectUtils.requireNonNull(item,"item cannot be null");
152    return _results == null ? false : _results.remove(value);
153  }
154
155  public BackMatter getBackMatter() {
156    return _backMatter;
157  }
158
159  public void setBackMatter(BackMatter value) {
160    _backMatter = value;
161  }
162
163  @Override
164  public String toString() {
165    return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
166  }
167
168  /**
169   * Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
170   */
171  @MetaschemaAssembly(
172      formalName = "Local Definitions",
173      description = "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.",
174      name = "local-definitions",
175      metaschema = OscalArMetaschema.class
176  )
177  public static class LocalDefinitions {
178    @BoundAssembly(
179        formalName = "Assessment-Specific Control Objective",
180        description = "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.",
181        useName = "objectives-and-methods",
182        maxOccurs = -1
183    )
184    @GroupAs(
185        name = "objectives-and-methods",
186        inJson = JsonGroupAsBehavior.LIST
187    )
188    private List<LocalObjective> _objectivesAndMethods;
189
190    @BoundAssembly(
191        formalName = "Activity",
192        description = "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.",
193        useName = "activity",
194        maxOccurs = -1
195    )
196    @GroupAs(
197        name = "activities",
198        inJson = JsonGroupAsBehavior.LIST
199    )
200    private List<Activity> _activities;
201
202    @BoundField(
203        formalName = "Remarks",
204        description = "Additional commentary about the containing object.",
205        useName = "remarks"
206    )
207    @BoundFieldValue(
208        typeAdapter = MarkupMultilineAdapter.class
209    )
210    private MarkupMultiline _remarks;
211
212    public LocalDefinitions() {
213    }
214
215    public List<LocalObjective> getObjectivesAndMethods() {
216      return _objectivesAndMethods;
217    }
218
219    public void setObjectivesAndMethods(List<LocalObjective> value) {
220      _objectivesAndMethods = value;
221    }
222
223    /**
224     * Add a new {@link LocalObjective} item to the underlying collection.
225     * @param item the item to add
226     * @return {@code true}
227     */
228    public boolean addObjectivesAndMethods(LocalObjective item) {
229      LocalObjective value = ObjectUtils.requireNonNull(item,"item cannot be null");
230      if (_objectivesAndMethods == null) {
231        _objectivesAndMethods = new LinkedList<>();
232      }
233      return _objectivesAndMethods.add(value);
234    }
235
236    /**
237     * Remove the first matching {@link LocalObjective} item from the underlying collection.
238     * @param item the item to remove
239     * @return {@code true} if the item was removed or {@code false} otherwise
240     */
241    public boolean removeObjectivesAndMethods(LocalObjective item) {
242      LocalObjective value = ObjectUtils.requireNonNull(item,"item cannot be null");
243      return _objectivesAndMethods == null ? false : _objectivesAndMethods.remove(value);
244    }
245
246    public List<Activity> getActivities() {
247      return _activities;
248    }
249
250    public void setActivities(List<Activity> value) {
251      _activities = value;
252    }
253
254    /**
255     * Add a new {@link Activity} item to the underlying collection.
256     * @param item the item to add
257     * @return {@code true}
258     */
259    public boolean addActivity(Activity item) {
260      Activity value = ObjectUtils.requireNonNull(item,"item cannot be null");
261      if (_activities == null) {
262        _activities = new LinkedList<>();
263      }
264      return _activities.add(value);
265    }
266
267    /**
268     * Remove the first matching {@link Activity} item from the underlying collection.
269     * @param item the item to remove
270     * @return {@code true} if the item was removed or {@code false} otherwise
271     */
272    public boolean removeActivity(Activity item) {
273      Activity value = ObjectUtils.requireNonNull(item,"item cannot be null");
274      return _activities == null ? false : _activities.remove(value);
275    }
276
277    public MarkupMultiline getRemarks() {
278      return _remarks;
279    }
280
281    public void setRemarks(MarkupMultiline value) {
282      _remarks = value;
283    }
284
285    @Override
286    public String toString() {
287      return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
288    }
289  }
290}