001package gov.nist.secauto.oscal.lib.model; 002 003import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly; 004import gov.nist.secauto.metaschema.binding.model.annotations.BoundField; 005import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag; 006import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs; 007import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly; 008import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior; 009import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter; 010import gov.nist.secauto.metaschema.model.common.util.ObjectUtils; 011import java.lang.Override; 012import java.lang.String; 013import java.util.LinkedList; 014import java.util.List; 015import java.util.UUID; 016import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle; 017import org.apache.commons.lang3.builder.ReflectionToStringBuilder; 018 019/** 020 * A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP. 021 */ 022@MetaschemaAssembly( 023 formalName = "Plan of Action and Milestones (POA&M)", 024 description = "A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.", 025 name = "plan-of-action-and-milestones", 026 metaschema = OscalPoamMetaschema.class, 027 rootName = "plan-of-action-and-milestones", 028 remarks = "Either an OSCAL-based SSP must be imported, or a unique system-id must be specified. Both may be present." 029) 030public class PlanOfActionAndMilestones extends AbstractOscalInstance { 031 @BoundFlag( 032 formalName = "POA&M Universally Unique Identifier", 033 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#instance)scope that can be used to reference this POA\\&M instance in [this OSCAL instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#poam-identifiers). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.", 034 useName = "uuid", 035 required = true, 036 typeAdapter = UuidAdapter.class 037 ) 038 private UUID _uuid; 039 040 @BoundAssembly( 041 formalName = "Document Metadata", 042 description = "Provides information about the containing document, and defines concepts that are shared across the document.", 043 useName = "metadata", 044 minOccurs = 1 045 ) 046 private Metadata _metadata; 047 048 @BoundAssembly( 049 formalName = "Import System Security Plan", 050 description = "Used by the assessment plan and POA\\&M to import information about the system.", 051 useName = "import-ssp", 052 remarks = "Used by the POA\\&M to import information about the system." 053 ) 054 private ImportSsp _importSsp; 055 056 @BoundField( 057 formalName = "System Identification", 058 description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this system identification property elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). When referencing an externally defined `system identification`, the `system identification` must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same system across revisions of the document.", 059 useName = "system-id" 060 ) 061 private SystemId _systemId; 062 063 @BoundAssembly( 064 formalName = "Local Definitions", 065 description = "Allows components, and inventory-items to be defined within the POA\\&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA\\&M.", 066 useName = "local-definitions" 067 ) 068 private LocalDefinitions _localDefinitions; 069 070 @BoundAssembly( 071 formalName = "Observation", 072 description = "Describes an individual observation.", 073 useName = "observation", 074 maxOccurs = -1 075 ) 076 @GroupAs( 077 name = "observations", 078 inJson = JsonGroupAsBehavior.LIST 079 ) 080 private List<Observation> _observations; 081 082 @BoundAssembly( 083 formalName = "Identified Risk", 084 description = "An identified risk.", 085 useName = "risk", 086 maxOccurs = -1 087 ) 088 @GroupAs( 089 name = "risks", 090 inJson = JsonGroupAsBehavior.LIST 091 ) 092 private List<Risk> _risks; 093 094 @BoundAssembly( 095 formalName = "Finding", 096 description = "Describes an individual finding.", 097 useName = "finding", 098 maxOccurs = -1 099 ) 100 @GroupAs( 101 name = "findings", 102 inJson = JsonGroupAsBehavior.LIST 103 ) 104 private List<Finding> _findings; 105 106 @BoundAssembly( 107 formalName = "POA&M Item", 108 description = "Describes an individual POA\\&M item.", 109 useName = "poam-item", 110 minOccurs = 1, 111 maxOccurs = -1 112 ) 113 @GroupAs( 114 name = "poam-items", 115 inJson = JsonGroupAsBehavior.LIST 116 ) 117 private List<PoamItem> _poamItems; 118 119 @BoundAssembly( 120 formalName = "Back matter", 121 description = "A collection of resources that may be referenced from within the OSCAL document instance.", 122 useName = "back-matter" 123 ) 124 private BackMatter _backMatter; 125 126 public PlanOfActionAndMilestones() { 127 } 128 129 public UUID getUuid() { 130 return _uuid; 131 } 132 133 public void setUuid(UUID value) { 134 _uuid = value; 135 } 136 137 public Metadata getMetadata() { 138 return _metadata; 139 } 140 141 public void setMetadata(Metadata value) { 142 _metadata = value; 143 } 144 145 public ImportSsp getImportSsp() { 146 return _importSsp; 147 } 148 149 public void setImportSsp(ImportSsp value) { 150 _importSsp = value; 151 } 152 153 public SystemId getSystemId() { 154 return _systemId; 155 } 156 157 public void setSystemId(SystemId value) { 158 _systemId = value; 159 } 160 161 public LocalDefinitions getLocalDefinitions() { 162 return _localDefinitions; 163 } 164 165 public void setLocalDefinitions(LocalDefinitions value) { 166 _localDefinitions = value; 167 } 168 169 public List<Observation> getObservations() { 170 return _observations; 171 } 172 173 public void setObservations(List<Observation> value) { 174 _observations = value; 175 } 176 177 /** 178 * Add a new {@link Observation} item to the underlying collection. 179 * @param item the item to add 180 * @return {@code true} 181 */ 182 public boolean addObservation(Observation item) { 183 Observation value = ObjectUtils.requireNonNull(item,"item cannot be null"); 184 if (_observations == null) { 185 _observations = new LinkedList<>(); 186 } 187 return _observations.add(value); 188 } 189 190 /** 191 * Remove the first matching {@link Observation} item from the underlying collection. 192 * @param item the item to remove 193 * @return {@code true} if the item was removed or {@code false} otherwise 194 */ 195 public boolean removeObservation(Observation item) { 196 Observation value = ObjectUtils.requireNonNull(item,"item cannot be null"); 197 return _observations == null ? false : _observations.remove(value); 198 } 199 200 public List<Risk> getRisks() { 201 return _risks; 202 } 203 204 public void setRisks(List<Risk> value) { 205 _risks = value; 206 } 207 208 /** 209 * Add a new {@link Risk} item to the underlying collection. 210 * @param item the item to add 211 * @return {@code true} 212 */ 213 public boolean addRisk(Risk item) { 214 Risk value = ObjectUtils.requireNonNull(item,"item cannot be null"); 215 if (_risks == null) { 216 _risks = new LinkedList<>(); 217 } 218 return _risks.add(value); 219 } 220 221 /** 222 * Remove the first matching {@link Risk} item from the underlying collection. 223 * @param item the item to remove 224 * @return {@code true} if the item was removed or {@code false} otherwise 225 */ 226 public boolean removeRisk(Risk item) { 227 Risk value = ObjectUtils.requireNonNull(item,"item cannot be null"); 228 return _risks == null ? false : _risks.remove(value); 229 } 230 231 public List<Finding> getFindings() { 232 return _findings; 233 } 234 235 public void setFindings(List<Finding> value) { 236 _findings = value; 237 } 238 239 /** 240 * Add a new {@link Finding} item to the underlying collection. 241 * @param item the item to add 242 * @return {@code true} 243 */ 244 public boolean addFinding(Finding item) { 245 Finding value = ObjectUtils.requireNonNull(item,"item cannot be null"); 246 if (_findings == null) { 247 _findings = new LinkedList<>(); 248 } 249 return _findings.add(value); 250 } 251 252 /** 253 * Remove the first matching {@link Finding} item from the underlying collection. 254 * @param item the item to remove 255 * @return {@code true} if the item was removed or {@code false} otherwise 256 */ 257 public boolean removeFinding(Finding item) { 258 Finding value = ObjectUtils.requireNonNull(item,"item cannot be null"); 259 return _findings == null ? false : _findings.remove(value); 260 } 261 262 public List<PoamItem> getPoamItems() { 263 return _poamItems; 264 } 265 266 public void setPoamItems(List<PoamItem> value) { 267 _poamItems = value; 268 } 269 270 /** 271 * Add a new {@link PoamItem} item to the underlying collection. 272 * @param item the item to add 273 * @return {@code true} 274 */ 275 public boolean addPoamItem(PoamItem item) { 276 PoamItem value = ObjectUtils.requireNonNull(item,"item cannot be null"); 277 if (_poamItems == null) { 278 _poamItems = new LinkedList<>(); 279 } 280 return _poamItems.add(value); 281 } 282 283 /** 284 * Remove the first matching {@link PoamItem} item from the underlying collection. 285 * @param item the item to remove 286 * @return {@code true} if the item was removed or {@code false} otherwise 287 */ 288 public boolean removePoamItem(PoamItem item) { 289 PoamItem value = ObjectUtils.requireNonNull(item,"item cannot be null"); 290 return _poamItems == null ? false : _poamItems.remove(value); 291 } 292 293 public BackMatter getBackMatter() { 294 return _backMatter; 295 } 296 297 public void setBackMatter(BackMatter value) { 298 _backMatter = value; 299 } 300 301 @Override 302 public String toString() { 303 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString(); 304 } 305}