Source code

001package gov.nist.secauto.oscal.lib.model;
002
003import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
004import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
005import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
006import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
007import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
008import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
009import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
010import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
011import java.lang.Override;
012import java.lang.String;
013import java.util.LinkedList;
014import java.util.List;
015import java.util.UUID;
016import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
017import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
018
019/**
020 * A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.
021 */
022@MetaschemaAssembly(
023    formalName = "Plan of Action and Milestones (POA&M)",
024    description = "A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.",
025    name = "plan-of-action-and-milestones",
026    metaschema = OscalPoamMetaschema.class,
027    rootName = "plan-of-action-and-milestones",
028    remarks = "Either an OSCAL-based SSP must be imported, or a unique system-id must be specified. Both may be present."
029)
030public class PlanOfActionAndMilestones extends AbstractOscalInstance {
031  @BoundFlag(
032      formalName = "POA&M Universally Unique Identifier",
033      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#instance)scope that can be used to reference this POA\\&M instance in [this OSCAL instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#poam-identifiers). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
034      useName = "uuid",
035      required = true,
036      typeAdapter = UuidAdapter.class
037  )
038  private UUID _uuid;
039
040  @BoundAssembly(
041      formalName = "Document Metadata",
042      description = "Provides information about the containing document, and defines concepts that are shared across the document.",
043      useName = "metadata",
044      minOccurs = 1
045  )
046  private Metadata _metadata;
047
048  @BoundAssembly(
049      formalName = "Import System Security Plan",
050      description = "Used by the assessment plan and POA\\&M to import information about the system.",
051      useName = "import-ssp",
052      remarks = "Used by the POA\\&M to import information about the system."
053  )
054  private ImportSsp _importSsp;
055
056  @BoundField(
057      formalName = "System Identification",
058      description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this system identification property elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). When referencing an externally defined `system identification`, the `system identification` must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same system across revisions of the document.",
059      useName = "system-id"
060  )
061  private SystemId _systemId;
062
063  @BoundAssembly(
064      formalName = "Local Definitions",
065      description = "Allows components, and inventory-items to be defined within the POA\\&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA\\&M.",
066      useName = "local-definitions"
067  )
068  private LocalDefinitions _localDefinitions;
069
070  @BoundAssembly(
071      formalName = "Observation",
072      description = "Describes an individual observation.",
073      useName = "observation",
074      maxOccurs = -1
075  )
076  @GroupAs(
077      name = "observations",
078      inJson = JsonGroupAsBehavior.LIST
079  )
080  private List<Observation> _observations;
081
082  @BoundAssembly(
083      formalName = "Identified Risk",
084      description = "An identified risk.",
085      useName = "risk",
086      maxOccurs = -1
087  )
088  @GroupAs(
089      name = "risks",
090      inJson = JsonGroupAsBehavior.LIST
091  )
092  private List<Risk> _risks;
093
094  @BoundAssembly(
095      formalName = "Finding",
096      description = "Describes an individual finding.",
097      useName = "finding",
098      maxOccurs = -1
099  )
100  @GroupAs(
101      name = "findings",
102      inJson = JsonGroupAsBehavior.LIST
103  )
104  private List<Finding> _findings;
105
106  @BoundAssembly(
107      formalName = "POA&M Item",
108      description = "Describes an individual POA\\&M item.",
109      useName = "poam-item",
110      minOccurs = 1,
111      maxOccurs = -1
112  )
113  @GroupAs(
114      name = "poam-items",
115      inJson = JsonGroupAsBehavior.LIST
116  )
117  private List<PoamItem> _poamItems;
118
119  @BoundAssembly(
120      formalName = "Back matter",
121      description = "A collection of resources that may be referenced from within the OSCAL document instance.",
122      useName = "back-matter"
123  )
124  private BackMatter _backMatter;
125
126  public PlanOfActionAndMilestones() {
127  }
128
129  public UUID getUuid() {
130    return _uuid;
131  }
132
133  public void setUuid(UUID value) {
134    _uuid = value;
135  }
136
137  public Metadata getMetadata() {
138    return _metadata;
139  }
140
141  public void setMetadata(Metadata value) {
142    _metadata = value;
143  }
144
145  public ImportSsp getImportSsp() {
146    return _importSsp;
147  }
148
149  public void setImportSsp(ImportSsp value) {
150    _importSsp = value;
151  }
152
153  public SystemId getSystemId() {
154    return _systemId;
155  }
156
157  public void setSystemId(SystemId value) {
158    _systemId = value;
159  }
160
161  public LocalDefinitions getLocalDefinitions() {
162    return _localDefinitions;
163  }
164
165  public void setLocalDefinitions(LocalDefinitions value) {
166    _localDefinitions = value;
167  }
168
169  public List<Observation> getObservations() {
170    return _observations;
171  }
172
173  public void setObservations(List<Observation> value) {
174    _observations = value;
175  }
176
177  /**
178   * Add a new {@link Observation} item to the underlying collection.
179   * @param item the item to add
180   * @return {@code true}
181   */
182  public boolean addObservation(Observation item) {
183    Observation value = ObjectUtils.requireNonNull(item,"item cannot be null");
184    if (_observations == null) {
185      _observations = new LinkedList<>();
186    }
187    return _observations.add(value);
188  }
189
190  /**
191   * Remove the first matching {@link Observation} item from the underlying collection.
192   * @param item the item to remove
193   * @return {@code true} if the item was removed or {@code false} otherwise
194   */
195  public boolean removeObservation(Observation item) {
196    Observation value = ObjectUtils.requireNonNull(item,"item cannot be null");
197    return _observations == null ? false : _observations.remove(value);
198  }
199
200  public List<Risk> getRisks() {
201    return _risks;
202  }
203
204  public void setRisks(List<Risk> value) {
205    _risks = value;
206  }
207
208  /**
209   * Add a new {@link Risk} item to the underlying collection.
210   * @param item the item to add
211   * @return {@code true}
212   */
213  public boolean addRisk(Risk item) {
214    Risk value = ObjectUtils.requireNonNull(item,"item cannot be null");
215    if (_risks == null) {
216      _risks = new LinkedList<>();
217    }
218    return _risks.add(value);
219  }
220
221  /**
222   * Remove the first matching {@link Risk} item from the underlying collection.
223   * @param item the item to remove
224   * @return {@code true} if the item was removed or {@code false} otherwise
225   */
226  public boolean removeRisk(Risk item) {
227    Risk value = ObjectUtils.requireNonNull(item,"item cannot be null");
228    return _risks == null ? false : _risks.remove(value);
229  }
230
231  public List<Finding> getFindings() {
232    return _findings;
233  }
234
235  public void setFindings(List<Finding> value) {
236    _findings = value;
237  }
238
239  /**
240   * Add a new {@link Finding} item to the underlying collection.
241   * @param item the item to add
242   * @return {@code true}
243   */
244  public boolean addFinding(Finding item) {
245    Finding value = ObjectUtils.requireNonNull(item,"item cannot be null");
246    if (_findings == null) {
247      _findings = new LinkedList<>();
248    }
249    return _findings.add(value);
250  }
251
252  /**
253   * Remove the first matching {@link Finding} item from the underlying collection.
254   * @param item the item to remove
255   * @return {@code true} if the item was removed or {@code false} otherwise
256   */
257  public boolean removeFinding(Finding item) {
258    Finding value = ObjectUtils.requireNonNull(item,"item cannot be null");
259    return _findings == null ? false : _findings.remove(value);
260  }
261
262  public List<PoamItem> getPoamItems() {
263    return _poamItems;
264  }
265
266  public void setPoamItems(List<PoamItem> value) {
267    _poamItems = value;
268  }
269
270  /**
271   * Add a new {@link PoamItem} item to the underlying collection.
272   * @param item the item to add
273   * @return {@code true}
274   */
275  public boolean addPoamItem(PoamItem item) {
276    PoamItem value = ObjectUtils.requireNonNull(item,"item cannot be null");
277    if (_poamItems == null) {
278      _poamItems = new LinkedList<>();
279    }
280    return _poamItems.add(value);
281  }
282
283  /**
284   * Remove the first matching {@link PoamItem} item from the underlying collection.
285   * @param item the item to remove
286   * @return {@code true} if the item was removed or {@code false} otherwise
287   */
288  public boolean removePoamItem(PoamItem item) {
289    PoamItem value = ObjectUtils.requireNonNull(item,"item cannot be null");
290    return _poamItems == null ? false : _poamItems.remove(value);
291  }
292
293  public BackMatter getBackMatter() {
294    return _backMatter;
295  }
296
297  public void setBackMatter(BackMatter value) {
298    _backMatter = value;
299  }
300
301  @Override
302  public String toString() {
303    return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
304  }
305}