package gov.nist.secauto.oscal.lib.model;

import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
import gov.nist.secauto.metaschema.binding.model.annotations.AssemblyConstraints;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
import gov.nist.secauto.metaschema.binding.model.annotations.HasCardinality;
import gov.nist.secauto.metaschema.binding.model.annotations.IndexHasKey;
import gov.nist.secauto.metaschema.binding.model.annotations.IsUnique;
import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
import java.lang.Override;
import java.lang.String;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;

/**
 * Describes how the system satisfies the requirements of an individual control.
 *
 * <p>This is the bound model for the OSCAL SSP {@code implemented-requirement} assembly. The
 * class-level annotations declare the constraints attached to it: allowed values for the
 * {@code control-origination} property and for {@code responsible-role} role ids, index lookups
 * for role ids and party UUIDs, uniqueness of {@code set-parameter}, {@code responsible-role},
 * {@code statement} and {@code by-component} children, and a minimum of one {@code by-component}
 * somewhere beneath this assembly.
 *
 * <p>The accessors in this class perform no validation of their own: setters store whatever
 * reference they are given (including {@code null}, even for flags marked {@code required}), and
 * list getters hand back the live backing list. The declared constraints are therefore not checked
 * by this class itself; presumably they are evaluated by the Metaschema binding/validation layer,
 * so content built programmatically should be validated before it is relied upon.
 */
@MetaschemaAssembly(
    formalName = "Control-based Requirement",
    description = "Describes how the system satisfies the requirements of an individual control.",
    name = "implemented-requirement",
    metaschema = OscalSspMetaschema.class,
    remarks = "Use of `set-parameter` in this context, sets the parameter for the referenced control. Any `set-parameter` defined in a child context will override this value. If not overridden by a child, this value applies in the child context."
)
@ValueConstraints(
    allowedValues = {
      // Property names permitted in the OSCAL namespace on this assembly, its statements and by-components.
      @AllowedValues(
          level = IConstraint.Level.ERROR,
          target = "(.|statement|.//by-component)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name",
          values = @AllowedValue(value = "control-origination", description = "Identifies the source of the implemented control. Any `control-origination` prop defined in a child context will override the parent value.")),
      // Closed list of values for the control-origination property.
      @AllowedValues(
          level = IConstraint.Level.ERROR,
          target = "(.|statement|.//by-component)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='control-origination']/@value",
          values = {
            @AllowedValue(value = "organization", description = "The control is implemented by the organization owning the system, but is not specific to the system itself."),
            @AllowedValue(value = "system-specific", description = "The control is implemented specifically to this system."),
            @AllowedValue(value = "customer-configured", description = "The control is provided by the system, but must be configured by the customer."),
            @AllowedValue(value = "customer-provided", description = "The control must be implemented by the customer."),
            @AllowedValue(value = "inherited", description = "This control is inherited from an underlying system.")
          }),
      // Well-known role ids; allowOthers = true means other role ids are also accepted.
      @AllowedValues(
          level = IConstraint.Level.ERROR,
          target = "responsible-role/@role-id",
          allowOthers = true,
          values = {
            @AllowedValue(value = "asset-owner", description = "Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."),
            @AllowedValue(value = "asset-administrator", description = "Responsible for administering a set of assets."),
            @AllowedValue(value = "security-operations", description = "Members of the security operations center (SOC)."),
            @AllowedValue(value = "network-operations", description = "Members of the network operations center (NOC)."),
            @AllowedValue(value = "incident-response", description = "Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions."),
            @AllowedValue(value = "help-desk", description = "Responsible for providing information and support to users."),
            @AllowedValue(value = "configuration-management", description = "Responsible for the configuration management processes governing changes to the asset.")
          })
    },
    indexHasKey = {
      @IndexHasKey(
          level = IConstraint.Level.ERROR,
          target = "responsible-role|statement/responsible-role|.//by-component//responsible-role",
          indexName = "index-metadata-role-id",
          keyFields = @KeyField(target = "@role-id")),
      @IndexHasKey(
          level = IConstraint.Level.ERROR,
          target = "responsible-role|statement/responsible-role|.//by-component//responsible-role",
          indexName = "index-metadata-party-uuid",
          keyFields = @KeyField(target = "party-uuid"))
    }
)
@AssemblyConstraints(
    isUnique = {
      @IsUnique(
          id = "unique-ssp-implemented-requirement-set-parameter",
          level = IConstraint.Level.ERROR,
          target = "set-parameter",
          keyFields = @KeyField(target = "@param-id"),
          remarks = "Since multiple `set-parameter` entries can be provided, each parameter must be set only once."),
      @IsUnique(
          id = "unique-ssp-implemented-requirement-responsible-role",
          level = IConstraint.Level.ERROR,
          target = "responsible-role",
          keyFields = @KeyField(target = "@role-id"),
          remarks = "Since `responsible-role` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once."),
      @IsUnique(
          id = "unique-ssp-implemented-requirement-statement",
          level = IConstraint.Level.ERROR,
          target = "statement",
          keyFields = @KeyField(target = "@statement-id"),
          remarks = "Since `statement` entries can be referenced using the statement's statement-id, each statement must be referenced only once."),
      @IsUnique(
          id = "unique-ssp-implemented-requirement-by-component",
          level = IConstraint.Level.ERROR,
          target = "by-component",
          keyFields = @KeyField(target = "@component-uuid"),
          remarks = "Since `by-component` can reference `component` entries using the component's uuid, each component must be referenced only once. This ensures that all implementation statements are contained in the same `by-component` entry.")
    },
    hasCardinality = @HasCardinality(level = IConstraint.Level.ERROR, target = ".//by-component", minOccurs = 1)
)
public class ImplementedRequirement {
  @BoundFlag(
      formalName = "Control Requirement Universally Unique Identifier",
      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this control requirement elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The locally defined *UUID* of the `control requirement` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
      useName = "uuid",
      required = true,
      typeAdapter = UuidAdapter.class
  )
  private UUID _uuid;

  @BoundFlag(
      formalName = "Control Identifier Reference",
      description = "A reference to a control with a corresponding `id` value. When referencing an externally defined `control`, the `Control Identifier Reference` must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).",
      useName = "control-id",
      required = true,
      typeAdapter = TokenAdapter.class
  )
  private String _controlId;

  @BoundAssembly(
      formalName = "Property",
      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
      useName = "prop",
      maxOccurs = -1
  )
  @GroupAs(
      name = "props",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Property> _props;

  @BoundAssembly(
      formalName = "Link",
      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
      useName = "link",
      maxOccurs = -1
  )
  @GroupAs(
      name = "links",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Link> _links;

  @BoundAssembly(
      formalName = "Set Parameter Value",
      description = "Identifies the parameter that will be set by the enclosed value.",
      useName = "set-parameter",
      maxOccurs = -1
  )
  @GroupAs(
      name = "set-parameters",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<SetParameter> _setParameters;

  @BoundAssembly(
      formalName = "Responsible Role",
      description = "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.",
      useName = "responsible-role",
      maxOccurs = -1
  )
  @GroupAs(
      name = "responsible-roles",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<ResponsibleRole> _responsibleRoles;

  @BoundAssembly(
      formalName = "Specific Control Statement",
      description = "Identifies which statements within a control are addressed.",
      useName = "statement",
      maxOccurs = -1
  )
  @GroupAs(
      name = "statements",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Statement> _statements;

  @BoundAssembly(
      formalName = "Component Control Implementation",
      description = "Defines how the referenced component implements a set of controls.",
      useName = "by-component",
      maxOccurs = -1
  )
  @GroupAs(
      name = "by-components",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<ByComponent> _byComponents;

  @BoundField(
      formalName = "Remarks",
      description = "Additional commentary about the containing object.",
      useName = "remarks"
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _remarks;

  /**
   * Creates an empty instance; every field starts out {@code null}.
   */
  public ImplementedRequirement() {
    // Intentionally empty: fields are populated through the setters and add* methods.
  }

  /**
   * Returns the UUID flag of this control requirement.
   *
   * @return the stored UUID, or {@code null} if none has been set
   */
  public UUID getUuid() {
    return this._uuid;
  }

  /**
   * Stores the UUID flag of this control requirement.
   *
   * @param value the UUID to store; not checked here, so {@code null} is accepted even though the
   *     flag is declared {@code required}
   */
  public void setUuid(UUID value) {
    this._uuid = value;
  }

  /**
   * Returns the {@code control-id} flag.
   *
   * @return the stored control identifier, or {@code null} if none has been set
   */
  public String getControlId() {
    return this._controlId;
  }

  /**
   * Stores the {@code control-id} flag.
   *
   * @param value the control identifier to store; no token-format or null check is applied here
   */
  public void setControlId(String value) {
    this._controlId = value;
  }

  /**
   * Returns the backing list of {@link Property} items.
   *
   * @return the live list (not a copy), or {@code null} if no list has been set or created
   */
  public List<Property> getProps() {
    return this._props;
  }

  /**
   * Replaces the backing list of {@link Property} items with the given reference.
   *
   * @param value the list to use from now on; stored as-is without copying, may be {@code null}
   */
  public void setProps(List<Property> value) {
    this._props = value;
  }

  /**
   * Appends a {@link Property} to the backing list, creating a {@link LinkedList} first when no
   * list exists yet.
   *
   * @param item the item to add; rejected by {@code ObjectUtils.requireNonNull} when {@code null}
   * @return the result of {@link List#add(Object)} on the backing list, which is {@code true} for
   *     the list created here; a list supplied through {@link #setProps(List)} decides for itself
   *     (an unmodifiable one would throw)
   */
  public boolean addProp(Property item) {
    final Property checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<Property> target = _props;
    if (target == null) {
      target = new LinkedList<>();
      _props = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first {@link Property} equal to the argument from the backing list.
   *
   * @param item the item to remove; rejected by {@code ObjectUtils.requireNonNull} when
   *     {@code null}, even if no list exists
   * @return {@code true} if an element was removed, {@code false} if there is no list or no match
   */
  public boolean removeProp(Property item) {
    final Property checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    if (_props == null) {
      return false;
    }
    return _props.remove(checked);
  }

  /**
   * Returns the backing list of {@link Link} items.
   *
   * @return the live list (not a copy), or {@code null} if no list has been set or created
   */
  public List<Link> getLinks() {
    return this._links;
  }

  /**
   * Replaces the backing list of {@link Link} items with the given reference.
   *
   * @param value the list to use from now on; stored as-is without copying, may be {@code null}
   */
  public void setLinks(List<Link> value) {
    this._links = value;
  }

  /**
   * Appends a {@link Link} to the backing list, creating a {@link LinkedList} first when no list
   * exists yet.
   *
   * @param item the item to add; rejected by {@code ObjectUtils.requireNonNull} when {@code null}
   * @return the result of {@link List#add(Object)} on the backing list, which is {@code true} for
   *     the list created here
   */
  public boolean addLink(Link item) {
    final Link checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<Link> target = _links;
    if (target == null) {
      target = new LinkedList<>();
      _links = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first {@link Link} equal to the argument from the backing list.
   *
   * @param item the item to remove; rejected by {@code ObjectUtils.requireNonNull} when
   *     {@code null}, even if no list exists
   * @return {@code true} if an element was removed, {@code false} if there is no list or no match
   */
  public boolean removeLink(Link item) {
    final Link checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    if (_links == null) {
      return false;
    }
    return _links.remove(checked);
  }

  /**
   * Returns the backing list of {@link SetParameter} items.
   *
   * @return the live list (not a copy), or {@code null} if no list has been set or created
   */
  public List<SetParameter> getSetParameters() {
    return this._setParameters;
  }

  /**
   * Replaces the backing list of {@link SetParameter} items with the given reference.
   *
   * @param value the list to use from now on; stored as-is without copying, may be {@code null}
   */
  public void setSetParameters(List<SetParameter> value) {
    this._setParameters = value;
  }

  /**
   * Appends a {@link SetParameter} to the backing list, creating a {@link LinkedList} first when
   * no list exists yet. The declared uniqueness of {@code param-id} is not checked here.
   *
   * @param item the item to add; rejected by {@code ObjectUtils.requireNonNull} when {@code null}
   * @return the result of {@link List#add(Object)} on the backing list, which is {@code true} for
   *     the list created here
   */
  public boolean addSetParameter(SetParameter item) {
    final SetParameter checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<SetParameter> target = _setParameters;
    if (target == null) {
      target = new LinkedList<>();
      _setParameters = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first {@link SetParameter} equal to the argument from the backing list.
   *
   * @param item the item to remove; rejected by {@code ObjectUtils.requireNonNull} when
   *     {@code null}, even if no list exists
   * @return {@code true} if an element was removed, {@code false} if there is no list or no match
   */
  public boolean removeSetParameter(SetParameter item) {
    final SetParameter checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    if (_setParameters == null) {
      return false;
    }
    return _setParameters.remove(checked);
  }

  /**
   * Returns the backing list of {@link ResponsibleRole} items.
   *
   * @return the live list (not a copy), or {@code null} if no list has been set or created
   */
  public List<ResponsibleRole> getResponsibleRoles() {
    return this._responsibleRoles;
  }

  /**
   * Replaces the backing list of {@link ResponsibleRole} items with the given reference.
   *
   * @param value the list to use from now on; stored as-is without copying, may be {@code null}
   */
  public void setResponsibleRoles(List<ResponsibleRole> value) {
    this._responsibleRoles = value;
  }

  /**
   * Appends a {@link ResponsibleRole} to the backing list, creating a {@link LinkedList} first
   * when no list exists yet. The declared uniqueness of {@code role-id} is not checked here.
   *
   * @param item the item to add; rejected by {@code ObjectUtils.requireNonNull} when {@code null}
   * @return the result of {@link List#add(Object)} on the backing list, which is {@code true} for
   *     the list created here
   */
  public boolean addResponsibleRole(ResponsibleRole item) {
    final ResponsibleRole checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<ResponsibleRole> target = _responsibleRoles;
    if (target == null) {
      target = new LinkedList<>();
      _responsibleRoles = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first {@link ResponsibleRole} equal to the argument from the backing list.
   *
   * @param item the item to remove; rejected by {@code ObjectUtils.requireNonNull} when
   *     {@code null}, even if no list exists
   * @return {@code true} if an element was removed, {@code false} if there is no list or no match
   */
  public boolean removeResponsibleRole(ResponsibleRole item) {
    final ResponsibleRole checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    if (_responsibleRoles == null) {
      return false;
    }
    return _responsibleRoles.remove(checked);
  }

  /**
   * Returns the backing list of {@link Statement} items.
   *
   * @return the live list (not a copy), or {@code null} if no list has been set or created
   */
  public List<Statement> getStatements() {
    return this._statements;
  }

  /**
   * Replaces the backing list of {@link Statement} items with the given reference.
   *
   * @param value the list to use from now on; stored as-is without copying, may be {@code null}
   */
  public void setStatements(List<Statement> value) {
    this._statements = value;
  }

  /**
   * Appends a {@link Statement} to the backing list, creating a {@link LinkedList} first when no
   * list exists yet. The declared uniqueness of {@code statement-id} is not checked here.
   *
   * @param item the item to add; rejected by {@code ObjectUtils.requireNonNull} when {@code null}
   * @return the result of {@link List#add(Object)} on the backing list, which is {@code true} for
   *     the list created here
   */
  public boolean addStatement(Statement item) {
    final Statement checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<Statement> target = _statements;
    if (target == null) {
      target = new LinkedList<>();
      _statements = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first {@link Statement} equal to the argument from the backing list.
   *
   * @param item the item to remove; rejected by {@code ObjectUtils.requireNonNull} when
   *     {@code null}, even if no list exists
   * @return {@code true} if an element was removed, {@code false} if there is no list or no match
   */
  public boolean removeStatement(Statement item) {
    final Statement checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    if (_statements == null) {
      return false;
    }
    return _statements.remove(checked);
  }

  /**
   * Returns the backing list of {@link ByComponent} items.
   *
   * @return the live list (not a copy), or {@code null} if no list has been set or created
   */
  public List<ByComponent> getByComponents() {
    return this._byComponents;
  }

  /**
   * Replaces the backing list of {@link ByComponent} items with the given reference.
   *
   * @param value the list to use from now on; stored as-is without copying, may be {@code null}
   */
  public void setByComponents(List<ByComponent> value) {
    this._byComponents = value;
  }

  /**
   * Appends a {@link ByComponent} to the backing list, creating a {@link LinkedList} first when
   * no list exists yet. The declared uniqueness of {@code component-uuid} is not checked here.
   *
   * @param item the item to add; rejected by {@code ObjectUtils.requireNonNull} when {@code null}
   * @return the result of {@link List#add(Object)} on the backing list, which is {@code true} for
   *     the list created here
   */
  public boolean addByComponent(ByComponent item) {
    final ByComponent checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<ByComponent> target = _byComponents;
    if (target == null) {
      target = new LinkedList<>();
      _byComponents = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first {@link ByComponent} equal to the argument from the backing list.
   *
   * @param item the item to remove; rejected by {@code ObjectUtils.requireNonNull} when
   *     {@code null}, even if no list exists
   * @return {@code true} if an element was removed, {@code false} if there is no list or no match
   */
  public boolean removeByComponent(ByComponent item) {
    final ByComponent checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    if (_byComponents == null) {
      return false;
    }
    return _byComponents.remove(checked);
  }

  /**
   * Returns the free-form remarks attached to this requirement.
   *
   * @return the stored markup, or {@code null} if none has been set
   */
  public MarkupMultiline getRemarks() {
    return this._remarks;
  }

  /**
   * Stores the free-form remarks attached to this requirement.
   *
   * @param value the markup to store; may be {@code null}
   */
  public void setRemarks(MarkupMultiline value) {
    this._remarks = value;
  }

  /**
   * Builds a multi-line dump of this object's fields by reflection.
   *
   * <p>Every field is included, so the text carries the control id, properties, statements,
   * by-component content and remarks. Treat it with the same sensitivity as the SSP content
   * itself when it is written to logs or error messages.
   *
   * @return the reflective string form of this instance
   */
  @Override
  public String toString() {
    // NOTE(review): MULTI_LINE_STYLE looks like the constant inherited from ToStringStyle rather
    // than a recursive style instance, so nested model objects are probably rendered through their
    // own toString() - confirm against the commons-lang3 version in use.
    final ReflectionToStringBuilder builder =
        new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE);
    return builder.toString();
  }
}