Source code

001package gov.nist.secauto.oscal.lib.model;
002
003import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
004import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
005import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
006import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
007import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
008import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
009import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
010import gov.nist.secauto.metaschema.binding.model.annotations.Matches;
011import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
012import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
013import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
014import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
015import gov.nist.secauto.metaschema.model.common.datatype.adapter.DateTimeWithTZAdapter;
016import gov.nist.secauto.metaschema.model.common.datatype.adapter.IntegerAdapter;
017import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
018import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
019import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLine;
020import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLineAdapter;
021import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
022import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
023import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
024import java.lang.Override;
025import java.lang.String;
026import java.time.ZonedDateTime;
027import java.util.LinkedList;
028import java.util.List;
029import java.util.UUID;
030import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
031import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
032
033/**
034 * An identified risk.
035 */
036@MetaschemaAssembly(
037    formalName = "Identified Risk",
038    description = "An identified risk.",
039    name = "risk",
040    metaschema = OscalAssessmentCommonMetaschema.class
041)
042@ValueConstraints(
043    allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = {@AllowedValue(value = "false-positive", description = "The risk has been confirmed to be a false positive."), @AllowedValue(value = "accepted", description = "The risk has been accepted. No further action will be taken."), @AllowedValue(value = "risk-adjusted", description = "The risk has been adjusted."), @AllowedValue(value = "priority", description = "A numeric value indicating the sequence in which risks should be addressed. (Lower numbers are higher priority)")}),
044    matches = @Matches(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='priority']/@value", typeAdapter = IntegerAdapter.class)
045)
046public class Risk {
047  @BoundFlag(
048      formalName = "Risk Universally Unique Identifier",
049      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this risk elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `risk` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
050      useName = "uuid",
051      required = true,
052      typeAdapter = UuidAdapter.class
053  )
054  private UUID _uuid;
055
056  /**
057   * "The title for this risk."
058   */
059  @BoundField(
060      formalName = "Risk Title",
061      description = "The title for this risk.",
062      useName = "title",
063      minOccurs = 1
064  )
065  @BoundFieldValue(
066      typeAdapter = MarkupLineAdapter.class
067  )
068  private MarkupLine _title;
069
070  /**
071   * "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system."
072   */
073  @BoundField(
074      formalName = "Risk Description",
075      description = "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.",
076      useName = "description",
077      minOccurs = 1
078  )
079  @BoundFieldValue(
080      typeAdapter = MarkupMultilineAdapter.class
081  )
082  private MarkupMultiline _description;
083
084  /**
085   * "An summary of impact for how the risk affects the system."
086   */
087  @BoundField(
088      formalName = "Risk Statement",
089      description = "An summary of impact for how the risk affects the system.",
090      useName = "statement",
091      minOccurs = 1
092  )
093  @BoundFieldValue(
094      typeAdapter = MarkupMultilineAdapter.class
095  )
096  private MarkupMultiline _statement;
097
098  @BoundAssembly(
099      formalName = "Property",
100      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
101      useName = "prop",
102      maxOccurs = -1
103  )
104  @GroupAs(
105      name = "props",
106      inJson = JsonGroupAsBehavior.LIST
107  )
108  private List<Property> _props;
109
110  @BoundAssembly(
111      formalName = "Link",
112      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
113      useName = "link",
114      maxOccurs = -1
115  )
116  @GroupAs(
117      name = "links",
118      inJson = JsonGroupAsBehavior.LIST
119  )
120  private List<Link> _links;
121
122  @BoundField(
123      formalName = "Risk Status",
124      description = "Describes the status of the associated risk.",
125      useName = "status",
126      minOccurs = 1
127  )
128  @BoundFieldValue(
129      typeAdapter = TokenAdapter.class
130  )
131  @ValueConstraints(
132      allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = {@AllowedValue(value = "open", description = "The risk has been identified."), @AllowedValue(value = "investigating", description = "The identified risk is being investigated. (Open risk)"), @AllowedValue(value = "remediating", description = "Remediation activities are underway, but are not yet complete. (Open risk)"), @AllowedValue(value = "deviation-requested", description = "A risk deviation, such as false positive, risk reduction, or operational requirement has been submitted for approval. (Open risk)"), @AllowedValue(value = "deviation-approved", description = "A risk deviation, such as false positive, risk reduction, or operational requirement has been approved. (Open risk)"), @AllowedValue(value = "closed", description = "The risk has been resolved.")})
133  )
134  private String _status;
135
136  @BoundAssembly(
137      formalName = "Origin",
138      description = "Identifies the source of the finding, such as a tool, interviewed person, or activity.",
139      useName = "origin",
140      maxOccurs = -1,
141      remarks = "Used to identify the individual and/or tool that identified this risk."
142  )
143  @GroupAs(
144      name = "origins",
145      inJson = JsonGroupAsBehavior.LIST
146  )
147  private List<Origin> _origins;
148
149  @BoundField(
150      formalName = "Threat ID",
151      description = "A pointer, by ID, to an externally-defined threat.",
152      useName = "threat-id",
153      maxOccurs = -1
154  )
155  @GroupAs(
156      name = "threat-ids",
157      inJson = JsonGroupAsBehavior.LIST
158  )
159  private List<ThreatId> _threatIds;
160
161  @BoundAssembly(
162      formalName = "Characterization",
163      description = "A collection of descriptive data about the containing object from a specific origin.",
164      useName = "characterization",
165      maxOccurs = -1
166  )
167  @GroupAs(
168      name = "characterizations",
169      inJson = JsonGroupAsBehavior.LIST
170  )
171  private List<Characterization> _characterizations;
172
173  /**
174   * "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP."
175   */
176  @BoundAssembly(
177      formalName = "Mitigating Factor",
178      description = "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.",
179      useName = "mitigating-factor",
180      maxOccurs = -1
181  )
182  @GroupAs(
183      name = "mitigating-factors",
184      inJson = JsonGroupAsBehavior.LIST
185  )
186  private List<MitigatingFactor> _mitigatingFactors;
187
188  /**
189   * "The date/time by which the risk must be resolved."
190   */
191  @BoundField(
192      formalName = "Risk Resolution Deadline",
193      description = "The date/time by which the risk must be resolved.",
194      useName = "deadline"
195  )
196  @BoundFieldValue(
197      typeAdapter = DateTimeWithTZAdapter.class
198  )
199  private ZonedDateTime _deadline;
200
201  @BoundAssembly(
202      formalName = "Risk Response",
203      description = "Describes either recommended or an actual plan for addressing the risk.",
204      useName = "response",
205      maxOccurs = -1
206  )
207  @GroupAs(
208      name = "remediations",
209      inJson = JsonGroupAsBehavior.LIST
210  )
211  private List<Response> _remediations;
212
213  /**
214   * "A log of all risk-related tasks taken."
215   */
216  @BoundAssembly(
217      formalName = "Risk Log",
218      description = "A log of all risk-related tasks taken.",
219      useName = "risk-log"
220  )
221  private RiskLog _riskLog;
222
223  /**
224   * "Relates the finding to a set of referenced observations that were used to determine the finding."
225   */
226  @BoundAssembly(
227      formalName = "Related Observation",
228      description = "Relates the finding to a set of referenced observations that were used to determine the finding.",
229      useName = "related-observation",
230      maxOccurs = -1
231  )
232  @GroupAs(
233      name = "related-observations",
234      inJson = JsonGroupAsBehavior.LIST
235  )
236  private List<RelatedObservation> _relatedObservations;
237
238  public Risk() {
239  }
240
241  public UUID getUuid() {
242    return _uuid;
243  }
244
245  public void setUuid(UUID value) {
246    _uuid = value;
247  }
248
249  public MarkupLine getTitle() {
250    return _title;
251  }
252
253  public void setTitle(MarkupLine value) {
254    _title = value;
255  }
256
257  public MarkupMultiline getDescription() {
258    return _description;
259  }
260
261  public void setDescription(MarkupMultiline value) {
262    _description = value;
263  }
264
265  public MarkupMultiline getStatement() {
266    return _statement;
267  }
268
269  public void setStatement(MarkupMultiline value) {
270    _statement = value;
271  }
272
273  public List<Property> getProps() {
274    return _props;
275  }
276
277  public void setProps(List<Property> value) {
278    _props = value;
279  }
280
281  /**
282   * Add a new {@link Property} item to the underlying collection.
283   * @param item the item to add
284   * @return {@code true}
285   */
286  public boolean addProp(Property item) {
287    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
288    if (_props == null) {
289      _props = new LinkedList<>();
290    }
291    return _props.add(value);
292  }
293
294  /**
295   * Remove the first matching {@link Property} item from the underlying collection.
296   * @param item the item to remove
297   * @return {@code true} if the item was removed or {@code false} otherwise
298   */
299  public boolean removeProp(Property item) {
300    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
301    return _props == null ? false : _props.remove(value);
302  }
303
304  public List<Link> getLinks() {
305    return _links;
306  }
307
308  public void setLinks(List<Link> value) {
309    _links = value;
310  }
311
312  /**
313   * Add a new {@link Link} item to the underlying collection.
314   * @param item the item to add
315   * @return {@code true}
316   */
317  public boolean addLink(Link item) {
318    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
319    if (_links == null) {
320      _links = new LinkedList<>();
321    }
322    return _links.add(value);
323  }
324
325  /**
326   * Remove the first matching {@link Link} item from the underlying collection.
327   * @param item the item to remove
328   * @return {@code true} if the item was removed or {@code false} otherwise
329   */
330  public boolean removeLink(Link item) {
331    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
332    return _links == null ? false : _links.remove(value);
333  }
334
335  public String getStatus() {
336    return _status;
337  }
338
339  public void setStatus(String value) {
340    _status = value;
341  }
342
343  public List<Origin> getOrigins() {
344    return _origins;
345  }
346
347  public void setOrigins(List<Origin> value) {
348    _origins = value;
349  }
350
351  /**
352   * Add a new {@link Origin} item to the underlying collection.
353   * @param item the item to add
354   * @return {@code true}
355   */
356  public boolean addOrigin(Origin item) {
357    Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
358    if (_origins == null) {
359      _origins = new LinkedList<>();
360    }
361    return _origins.add(value);
362  }
363
364  /**
365   * Remove the first matching {@link Origin} item from the underlying collection.
366   * @param item the item to remove
367   * @return {@code true} if the item was removed or {@code false} otherwise
368   */
369  public boolean removeOrigin(Origin item) {
370    Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
371    return _origins == null ? false : _origins.remove(value);
372  }
373
374  public List<ThreatId> getThreatIds() {
375    return _threatIds;
376  }
377
378  public void setThreatIds(List<ThreatId> value) {
379    _threatIds = value;
380  }
381
382  /**
383   * Add a new {@link ThreatId} item to the underlying collection.
384   * @param item the item to add
385   * @return {@code true}
386   */
387  public boolean addThreatId(ThreatId item) {
388    ThreatId value = ObjectUtils.requireNonNull(item,"item cannot be null");
389    if (_threatIds == null) {
390      _threatIds = new LinkedList<>();
391    }
392    return _threatIds.add(value);
393  }
394
395  /**
396   * Remove the first matching {@link ThreatId} item from the underlying collection.
397   * @param item the item to remove
398   * @return {@code true} if the item was removed or {@code false} otherwise
399   */
400  public boolean removeThreatId(ThreatId item) {
401    ThreatId value = ObjectUtils.requireNonNull(item,"item cannot be null");
402    return _threatIds == null ? false : _threatIds.remove(value);
403  }
404
405  public List<Characterization> getCharacterizations() {
406    return _characterizations;
407  }
408
409  public void setCharacterizations(List<Characterization> value) {
410    _characterizations = value;
411  }
412
413  /**
414   * Add a new {@link Characterization} item to the underlying collection.
415   * @param item the item to add
416   * @return {@code true}
417   */
418  public boolean addCharacterization(Characterization item) {
419    Characterization value = ObjectUtils.requireNonNull(item,"item cannot be null");
420    if (_characterizations == null) {
421      _characterizations = new LinkedList<>();
422    }
423    return _characterizations.add(value);
424  }
425
426  /**
427   * Remove the first matching {@link Characterization} item from the underlying collection.
428   * @param item the item to remove
429   * @return {@code true} if the item was removed or {@code false} otherwise
430   */
431  public boolean removeCharacterization(Characterization item) {
432    Characterization value = ObjectUtils.requireNonNull(item,"item cannot be null");
433    return _characterizations == null ? false : _characterizations.remove(value);
434  }
435
436  public List<MitigatingFactor> getMitigatingFactors() {
437    return _mitigatingFactors;
438  }
439
440  public void setMitigatingFactors(List<MitigatingFactor> value) {
441    _mitigatingFactors = value;
442  }
443
444  /**
445   * Add a new {@link MitigatingFactor} item to the underlying collection.
446   * @param item the item to add
447   * @return {@code true}
448   */
449  public boolean addMitigatingFactor(MitigatingFactor item) {
450    MitigatingFactor value = ObjectUtils.requireNonNull(item,"item cannot be null");
451    if (_mitigatingFactors == null) {
452      _mitigatingFactors = new LinkedList<>();
453    }
454    return _mitigatingFactors.add(value);
455  }
456
457  /**
458   * Remove the first matching {@link MitigatingFactor} item from the underlying collection.
459   * @param item the item to remove
460   * @return {@code true} if the item was removed or {@code false} otherwise
461   */
462  public boolean removeMitigatingFactor(MitigatingFactor item) {
463    MitigatingFactor value = ObjectUtils.requireNonNull(item,"item cannot be null");
464    return _mitigatingFactors == null ? false : _mitigatingFactors.remove(value);
465  }
466
467  public ZonedDateTime getDeadline() {
468    return _deadline;
469  }
470
471  public void setDeadline(ZonedDateTime value) {
472    _deadline = value;
473  }
474
475  public List<Response> getRemediations() {
476    return _remediations;
477  }
478
479  public void setRemediations(List<Response> value) {
480    _remediations = value;
481  }
482
483  /**
484   * Add a new {@link Response} item to the underlying collection.
485   * @param item the item to add
486   * @return {@code true}
487   */
488  public boolean addResponse(Response item) {
489    Response value = ObjectUtils.requireNonNull(item,"item cannot be null");
490    if (_remediations == null) {
491      _remediations = new LinkedList<>();
492    }
493    return _remediations.add(value);
494  }
495
496  /**
497   * Remove the first matching {@link Response} item from the underlying collection.
498   * @param item the item to remove
499   * @return {@code true} if the item was removed or {@code false} otherwise
500   */
501  public boolean removeResponse(Response item) {
502    Response value = ObjectUtils.requireNonNull(item,"item cannot be null");
503    return _remediations == null ? false : _remediations.remove(value);
504  }
505
506  public RiskLog getRiskLog() {
507    return _riskLog;
508  }
509
510  public void setRiskLog(RiskLog value) {
511    _riskLog = value;
512  }
513
514  public List<RelatedObservation> getRelatedObservations() {
515    return _relatedObservations;
516  }
517
518  public void setRelatedObservations(List<RelatedObservation> value) {
519    _relatedObservations = value;
520  }
521
522  /**
523   * Add a new {@link RelatedObservation} item to the underlying collection.
524   * @param item the item to add
525   * @return {@code true}
526   */
527  public boolean addRelatedObservation(RelatedObservation item) {
528    RelatedObservation value = ObjectUtils.requireNonNull(item,"item cannot be null");
529    if (_relatedObservations == null) {
530      _relatedObservations = new LinkedList<>();
531    }
532    return _relatedObservations.add(value);
533  }
534
535  /**
536   * Remove the first matching {@link RelatedObservation} item from the underlying collection.
537   * @param item the item to remove
538   * @return {@code true} if the item was removed or {@code false} otherwise
539   */
540  public boolean removeRelatedObservation(RelatedObservation item) {
541    RelatedObservation value = ObjectUtils.requireNonNull(item,"item cannot be null");
542    return _relatedObservations == null ? false : _relatedObservations.remove(value);
543  }
544
545  @Override
546  public String toString() {
547    return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
548  }
549
550  /**
551   * Relates the finding to a set of referenced observations that were used to determine the finding.
552   */
553  @MetaschemaAssembly(
554      formalName = "Related Observation",
555      description = "Relates the finding to a set of referenced observations that were used to determine the finding.",
556      name = "related-observation",
557      metaschema = OscalAssessmentCommonMetaschema.class
558  )
559  public static class RelatedObservation {
560    @BoundFlag(
561        formalName = "Observation Universally Unique Identifier Reference",
562        description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented) identifier reference to an observation defined in the list of observations.",
563        useName = "observation-uuid",
564        required = true,
565        typeAdapter = UuidAdapter.class
566    )
567    private UUID _observationUuid;
568
569    public RelatedObservation() {
570    }
571
572    public UUID getObservationUuid() {
573      return _observationUuid;
574    }
575
576    public void setObservationUuid(UUID value) {
577      _observationUuid = value;
578    }
579
580    @Override
581    public String toString() {
582      return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
583    }
584  }
585
586  /**
587   * A log of all risk-related tasks taken.
588   */
589  @MetaschemaAssembly(
590      formalName = "Risk Log",
591      description = "A log of all risk-related tasks taken.",
592      name = "risk-log",
593      metaschema = OscalAssessmentCommonMetaschema.class
594  )
595  public static class RiskLog {
596    /**
597     * "Identifies an individual risk response that occurred as part of managing an identified risk."
598     */
599    @BoundAssembly(
600        formalName = "Risk Log Entry",
601        description = "Identifies an individual risk response that occurred as part of managing an identified risk.",
602        useName = "entry",
603        minOccurs = 1,
604        maxOccurs = -1
605    )
606    @GroupAs(
607        name = "entries",
608        inJson = JsonGroupAsBehavior.LIST
609    )
610    private List<Entry> _entries;
611
612    public RiskLog() {
613    }
614
615    public List<Entry> getEntries() {
616      return _entries;
617    }
618
619    public void setEntries(List<Entry> value) {
620      _entries = value;
621    }
622
623    /**
624     * Add a new {@link Entry} item to the underlying collection.
625     * @param item the item to add
626     * @return {@code true}
627     */
628    public boolean addEntry(Entry item) {
629      Entry value = ObjectUtils.requireNonNull(item,"item cannot be null");
630      if (_entries == null) {
631        _entries = new LinkedList<>();
632      }
633      return _entries.add(value);
634    }
635
636    /**
637     * Remove the first matching {@link Entry} item from the underlying collection.
638     * @param item the item to remove
639     * @return {@code true} if the item was removed or {@code false} otherwise
640     */
641    public boolean removeEntry(Entry item) {
642      Entry value = ObjectUtils.requireNonNull(item,"item cannot be null");
643      return _entries == null ? false : _entries.remove(value);
644    }
645
646    @Override
647    public String toString() {
648      return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
649    }
650
651    /**
652     * Identifies an individual risk response that occurred as part of managing an identified risk.
653     */
654    @MetaschemaAssembly(
655        formalName = "Risk Log Entry",
656        description = "Identifies an individual risk response that occurred as part of managing an identified risk.",
657        name = "entry",
658        metaschema = OscalAssessmentCommonMetaschema.class
659    )
660    @ValueConstraints(
661        allowedValues = {
662            @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "type", description = "The type of remediation tracking entry. Can be multi-valued.")),
663            @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value", allowOthers = true, values = {@AllowedValue(value = "vendor-check-in", description = "Contacted vendor to determine the status of a pending fix to a known vulnerability."), @AllowedValue(value = "status-update", description = "Information related to the current state of response to this risk."), @AllowedValue(value = "milestone-complete", description = "A significant step in the response plan has been achieved."), @AllowedValue(value = "mitigation", description = "An activity was completed that reduces the likelihood or impact of this risk."), @AllowedValue(value = "remediated", description = "An activity was completed that eliminates the likelihood or impact of this risk."), @AllowedValue(value = "closed", description = "The risk is no longer applicable to the system."), @AllowedValue(value = "dr-submission", description = "A deviation request was made to the authorizing official."), @AllowedValue(value = "dr-updated", description = "A previously submitted deviation request has been modified."), @AllowedValue(value = "dr-approved", description = "The authorizing official approved the deviation."), @AllowedValue(value = "dr-rejected", description = "The authorizing official rejected the deviation.")})
664        }
665    )
666    public static class Entry {
667      @BoundFlag(
668          formalName = "Risk Log Entry Universally Unique Identifier",
669          description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this risk log entry elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `risk log entry` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
670          useName = "uuid",
671          required = true,
672          typeAdapter = UuidAdapter.class
673      )
674      private UUID _uuid;
675
676      /**
677       * "The title for this risk log entry."
678       */
679      @BoundField(
680          formalName = "Title",
681          description = "The title for this risk log entry.",
682          useName = "title"
683      )
684      @BoundFieldValue(
685          typeAdapter = MarkupLineAdapter.class
686      )
687      private MarkupLine _title;
688
689      /**
690       * "A human-readable description of what was done regarding the risk."
691       */
692      @BoundField(
693          formalName = "Risk Task Description",
694          description = "A human-readable description of what was done regarding the risk.",
695          useName = "description"
696      )
697      @BoundFieldValue(
698          typeAdapter = MarkupMultilineAdapter.class
699      )
700      private MarkupMultiline _description;
701
702      /**
703       * "Identifies the start date and time of the event."
704       */
705      @BoundField(
706          formalName = "Start",
707          description = "Identifies the start date and time of the event.",
708          useName = "start",
709          minOccurs = 1
710      )
711      @BoundFieldValue(
712          typeAdapter = DateTimeWithTZAdapter.class
713      )
714      private ZonedDateTime _start;
715
716      /**
717       * "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time."
718       */
719      @BoundField(
720          formalName = "End",
721          description = "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.",
722          useName = "end"
723      )
724      @BoundFieldValue(
725          typeAdapter = DateTimeWithTZAdapter.class
726      )
727      private ZonedDateTime _end;
728
729      @BoundAssembly(
730          formalName = "Property",
731          description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
732          useName = "prop",
733          maxOccurs = -1
734      )
735      @GroupAs(
736          name = "props",
737          inJson = JsonGroupAsBehavior.LIST
738      )
739      private List<Property> _props;
740
741      @BoundAssembly(
742          formalName = "Link",
743          description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
744          useName = "link",
745          maxOccurs = -1
746      )
747      @GroupAs(
748          name = "links",
749          inJson = JsonGroupAsBehavior.LIST
750      )
751      private List<Link> _links;
752
753      @BoundAssembly(
754          formalName = "Logged By",
755          description = "Used to indicate who created a log entry in what role.",
756          useName = "logged-by",
757          maxOccurs = -1
758      )
759      @GroupAs(
760          name = "logged-by",
761          inJson = JsonGroupAsBehavior.LIST
762      )
763      private List<LoggedBy> _loggedBy;
764
765      @BoundField(
766          formalName = "Risk Status",
767          description = "Describes the status of the associated risk.",
768          useName = "status-change",
769          remarks = "Identifies a change in risk status made resulting from the task described by this risk log entry. This allows the risk's status history to be captured as a sequence of risk log entries."
770      )
771      @BoundFieldValue(
772          typeAdapter = TokenAdapter.class
773      )
774      @ValueConstraints(
775          allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = {@AllowedValue(value = "open", description = "The risk has been identified."), @AllowedValue(value = "investigating", description = "The identified risk is being investigated. (Open risk)"), @AllowedValue(value = "remediating", description = "Remediation activities are underway, but are not yet complete. (Open risk)"), @AllowedValue(value = "deviation-requested", description = "A risk deviation, such as false positive, risk reduction, or operational requirement has been submitted for approval. (Open risk)"), @AllowedValue(value = "deviation-approved", description = "A risk deviation, such as false positive, risk reduction, or operational requirement has been approved. (Open risk)"), @AllowedValue(value = "closed", description = "The risk has been resolved.")})
776      )
777      private String _statusChange;
778
779      /**
780       * "Identifies an individual risk response that this log entry is for."
781       */
782      @BoundAssembly(
783          formalName = "Risk Response Reference",
784          description = "Identifies an individual risk response that this log entry is for.",
785          useName = "related-response",
786          maxOccurs = -1
787      )
788      @GroupAs(
789          name = "related-responses",
790          inJson = JsonGroupAsBehavior.LIST
791      )
792      private List<RelatedResponse> _relatedResponses;
793
794      @BoundField(
795          formalName = "Remarks",
796          description = "Additional commentary about the containing object.",
797          useName = "remarks"
798      )
799      @BoundFieldValue(
800          typeAdapter = MarkupMultilineAdapter.class
801      )
802      private MarkupMultiline _remarks;
803
804      public Entry() {
805      }
806
807      public UUID getUuid() {
808        return _uuid;
809      }
810
811      public void setUuid(UUID value) {
812        _uuid = value;
813      }
814
815      public MarkupLine getTitle() {
816        return _title;
817      }
818
819      public void setTitle(MarkupLine value) {
820        _title = value;
821      }
822
823      public MarkupMultiline getDescription() {
824        return _description;
825      }
826
827      public void setDescription(MarkupMultiline value) {
828        _description = value;
829      }
830
831      public ZonedDateTime getStart() {
832        return _start;
833      }
834
835      public void setStart(ZonedDateTime value) {
836        _start = value;
837      }
838
839      public ZonedDateTime getEnd() {
840        return _end;
841      }
842
843      public void setEnd(ZonedDateTime value) {
844        _end = value;
845      }
846
847      public List<Property> getProps() {
848        return _props;
849      }
850
851      public void setProps(List<Property> value) {
852        _props = value;
853      }
854
855      /**
856       * Add a new {@link Property} item to the underlying collection.
857       * @param item the item to add
858       * @return {@code true}
859       */
860      public boolean addProp(Property item) {
861        Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
862        if (_props == null) {
863          _props = new LinkedList<>();
864        }
865        return _props.add(value);
866      }
867
868      /**
869       * Remove the first matching {@link Property} item from the underlying collection.
870       * @param item the item to remove
871       * @return {@code true} if the item was removed or {@code false} otherwise
872       */
873      public boolean removeProp(Property item) {
874        Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
875        return _props == null ? false : _props.remove(value);
876      }
877
878      public List<Link> getLinks() {
879        return _links;
880      }
881
882      public void setLinks(List<Link> value) {
883        _links = value;
884      }
885
886      /**
887       * Add a new {@link Link} item to the underlying collection.
888       * @param item the item to add
889       * @return {@code true}
890       */
891      public boolean addLink(Link item) {
892        Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
893        if (_links == null) {
894          _links = new LinkedList<>();
895        }
896        return _links.add(value);
897      }
898
899      /**
900       * Remove the first matching {@link Link} item from the underlying collection.
901       * @param item the item to remove
902       * @return {@code true} if the item was removed or {@code false} otherwise
903       */
904      public boolean removeLink(Link item) {
905        Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
906        return _links == null ? false : _links.remove(value);
907      }
908
909      public List<LoggedBy> getLoggedBy() {
910        return _loggedBy;
911      }
912
913      public void setLoggedBy(List<LoggedBy> value) {
914        _loggedBy = value;
915      }
916
917      /**
918       * Add a new {@link LoggedBy} item to the underlying collection.
919       * @param item the item to add
920       * @return {@code true}
921       */
922      public boolean addLoggedBy(LoggedBy item) {
923        LoggedBy value = ObjectUtils.requireNonNull(item,"item cannot be null");
924        if (_loggedBy == null) {
925          _loggedBy = new LinkedList<>();
926        }
927        return _loggedBy.add(value);
928      }
929
930      /**
931       * Remove the first matching {@link LoggedBy} item from the underlying collection.
932       * @param item the item to remove
933       * @return {@code true} if the item was removed or {@code false} otherwise
934       */
935      public boolean removeLoggedBy(LoggedBy item) {
936        LoggedBy value = ObjectUtils.requireNonNull(item,"item cannot be null");
937        return _loggedBy == null ? false : _loggedBy.remove(value);
938      }
939
940      public String getStatusChange() {
941        return _statusChange;
942      }
943
944      public void setStatusChange(String value) {
945        _statusChange = value;
946      }
947
948      public List<RelatedResponse> getRelatedResponses() {
949        return _relatedResponses;
950      }
951
952      public void setRelatedResponses(List<RelatedResponse> value) {
953        _relatedResponses = value;
954      }
955
956      /**
957       * Add a new {@link RelatedResponse} item to the underlying collection.
958       * @param item the item to add
959       * @return {@code true}
960       */
961      public boolean addRelatedResponse(RelatedResponse item) {
962        RelatedResponse value = ObjectUtils.requireNonNull(item,"item cannot be null");
963        if (_relatedResponses == null) {
964          _relatedResponses = new LinkedList<>();
965        }
966        return _relatedResponses.add(value);
967      }
968
969      /**
970       * Remove the first matching {@link RelatedResponse} item from the underlying collection.
971       * @param item the item to remove
972       * @return {@code true} if the item was removed or {@code false} otherwise
973       */
974      public boolean removeRelatedResponse(RelatedResponse item) {
975        RelatedResponse value = ObjectUtils.requireNonNull(item,"item cannot be null");
976        return _relatedResponses == null ? false : _relatedResponses.remove(value);
977      }
978
979      public MarkupMultiline getRemarks() {
980        return _remarks;
981      }
982
983      public void setRemarks(MarkupMultiline value) {
984        _remarks = value;
985      }
986
987      @Override
988      public String toString() {
989        return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
990      }
991
992      /**
993       * Identifies an individual risk response that this log entry is for.
994       */
995      @MetaschemaAssembly(
996          formalName = "Risk Response Reference",
997          description = "Identifies an individual risk response that this log entry is for.",
998          name = "related-response",
999          metaschema = OscalAssessmentCommonMetaschema.class
1000      )
1001      public static class RelatedResponse {
1002        @BoundFlag(
1003            formalName = "Response Universally Unique Identifier Reference",
1004            description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented) identifier reference to a unique risk response.",
1005            useName = "response-uuid",
1006            required = true,
1007            typeAdapter = UuidAdapter.class
1008        )
1009        private UUID _responseUuid;
1010
1011        @BoundAssembly(
1012            formalName = "Property",
1013            description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
1014            useName = "prop",
1015            maxOccurs = -1
1016        )
1017        @GroupAs(
1018            name = "props",
1019            inJson = JsonGroupAsBehavior.LIST
1020        )
1021        private List<Property> _props;
1022
1023        @BoundAssembly(
1024            formalName = "Link",
1025            description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
1026            useName = "link",
1027            maxOccurs = -1
1028        )
1029        @GroupAs(
1030            name = "links",
1031            inJson = JsonGroupAsBehavior.LIST
1032        )
1033        private List<Link> _links;
1034
1035        @BoundAssembly(
1036            formalName = "Task Reference",
1037            description = "Identifies an individual task for which the containing object is a consequence of.",
1038            useName = "related-task",
1039            maxOccurs = -1,
1040            remarks = "This is used to identify the task(s) that this log entry was generated for."
1041        )
1042        @GroupAs(
1043            name = "related-tasks",
1044            inJson = JsonGroupAsBehavior.LIST
1045        )
1046        private List<RelatedTask> _relatedTasks;
1047
1048        @BoundField(
1049            formalName = "Remarks",
1050            description = "Additional commentary about the containing object.",
1051            useName = "remarks"
1052        )
1053        @BoundFieldValue(
1054            typeAdapter = MarkupMultilineAdapter.class
1055        )
1056        private MarkupMultiline _remarks;
1057
1058        public RelatedResponse() {
1059        }
1060
1061        public UUID getResponseUuid() {
1062          return _responseUuid;
1063        }
1064
1065        public void setResponseUuid(UUID value) {
1066          _responseUuid = value;
1067        }
1068
1069        public List<Property> getProps() {
1070          return _props;
1071        }
1072
1073        public void setProps(List<Property> value) {
1074          _props = value;
1075        }
1076
1077        /**
1078         * Add a new {@link Property} item to the underlying collection.
1079         * @param item the item to add
1080         * @return {@code true}
1081         */
1082        public boolean addProp(Property item) {
1083          Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
1084          if (_props == null) {
1085            _props = new LinkedList<>();
1086          }
1087          return _props.add(value);
1088        }
1089
1090        /**
1091         * Remove the first matching {@link Property} item from the underlying collection.
1092         * @param item the item to remove
1093         * @return {@code true} if the item was removed or {@code false} otherwise
1094         */
1095        public boolean removeProp(Property item) {
1096          Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
1097          return _props == null ? false : _props.remove(value);
1098        }
1099
1100        public List<Link> getLinks() {
1101          return _links;
1102        }
1103
1104        public void setLinks(List<Link> value) {
1105          _links = value;
1106        }
1107
1108        /**
1109         * Add a new {@link Link} item to the underlying collection.
1110         * @param item the item to add
1111         * @return {@code true}
1112         */
1113        public boolean addLink(Link item) {
1114          Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
1115          if (_links == null) {
1116            _links = new LinkedList<>();
1117          }
1118          return _links.add(value);
1119        }
1120
1121        /**
1122         * Remove the first matching {@link Link} item from the underlying collection.
1123         * @param item the item to remove
1124         * @return {@code true} if the item was removed or {@code false} otherwise
1125         */
1126        public boolean removeLink(Link item) {
1127          Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
1128          return _links == null ? false : _links.remove(value);
1129        }
1130
1131        public List<RelatedTask> getRelatedTasks() {
1132          return _relatedTasks;
1133        }
1134
1135        public void setRelatedTasks(List<RelatedTask> value) {
1136          _relatedTasks = value;
1137        }
1138
1139        /**
1140         * Add a new {@link RelatedTask} item to the underlying collection.
1141         * @param item the item to add
1142         * @return {@code true}
1143         */
1144        public boolean addRelatedTask(RelatedTask item) {
1145          RelatedTask value = ObjectUtils.requireNonNull(item,"item cannot be null");
1146          if (_relatedTasks == null) {
1147            _relatedTasks = new LinkedList<>();
1148          }
1149          return _relatedTasks.add(value);
1150        }
1151
1152        /**
1153         * Remove the first matching {@link RelatedTask} item from the underlying collection.
1154         * @param item the item to remove
1155         * @return {@code true} if the item was removed or {@code false} otherwise
1156         */
1157        public boolean removeRelatedTask(RelatedTask item) {
1158          RelatedTask value = ObjectUtils.requireNonNull(item,"item cannot be null");
1159          return _relatedTasks == null ? false : _relatedTasks.remove(value);
1160        }
1161
1162        public MarkupMultiline getRemarks() {
1163          return _remarks;
1164        }
1165
1166        public void setRemarks(MarkupMultiline value) {
1167          _remarks = value;
1168        }
1169
1170        @Override
1171        public String toString() {
1172          return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
1173        }
1174      }
1175    }
1176  }
1177
1178  /**
1179   * Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.
1180   */
1181  @MetaschemaAssembly(
1182      formalName = "Mitigating Factor",
1183      description = "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.",
1184      name = "mitigating-factor",
1185      metaschema = OscalAssessmentCommonMetaschema.class
1186  )
1187  public static class MitigatingFactor {
1188    @BoundFlag(
1189        formalName = "Mitigating Factor Universally Unique Identifier",
1190        description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this mitigating factor elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `mitigating factor` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
1191        useName = "uuid",
1192        required = true,
1193        typeAdapter = UuidAdapter.class
1194    )
1195    private UUID _uuid;
1196
1197    @BoundFlag(
1198        formalName = "Implementation UUID",
1199        description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this implementation statement elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope)s. The locally defined *UUID* of the `implementation statement` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
1200        useName = "implementation-uuid",
1201        typeAdapter = UuidAdapter.class
1202    )
1203    private UUID _implementationUuid;
1204
1205    /**
1206     * "A human-readable description of this mitigating factor."
1207     */
1208    @BoundField(
1209        formalName = "Mitigating Factor Description",
1210        description = "A human-readable description of this mitigating factor.",
1211        useName = "description",
1212        minOccurs = 1
1213    )
1214    @BoundFieldValue(
1215        typeAdapter = MarkupMultilineAdapter.class
1216    )
1217    private MarkupMultiline _description;
1218
1219    @BoundAssembly(
1220        formalName = "Property",
1221        description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
1222        useName = "prop",
1223        maxOccurs = -1
1224    )
1225    @GroupAs(
1226        name = "props",
1227        inJson = JsonGroupAsBehavior.LIST
1228    )
1229    private List<Property> _props;
1230
1231    @BoundAssembly(
1232        formalName = "Link",
1233        description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
1234        useName = "link",
1235        maxOccurs = -1
1236    )
1237    @GroupAs(
1238        name = "links",
1239        inJson = JsonGroupAsBehavior.LIST
1240    )
1241    private List<Link> _links;
1242
1243    @BoundAssembly(
1244        formalName = "Identifies the Subject",
1245        description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented) identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.",
1246        useName = "subject",
1247        maxOccurs = -1,
1248        remarks = "Links identifiable elements of the system to this mitigating factor, such as an inventory-item or component."
1249    )
1250    @GroupAs(
1251        name = "subjects",
1252        inJson = JsonGroupAsBehavior.LIST
1253    )
1254    private List<SubjectReference> _subjects;
1255
1256    public MitigatingFactor() {
1257    }
1258
1259    public UUID getUuid() {
1260      return _uuid;
1261    }
1262
1263    public void setUuid(UUID value) {
1264      _uuid = value;
1265    }
1266
1267    public UUID getImplementationUuid() {
1268      return _implementationUuid;
1269    }
1270
1271    public void setImplementationUuid(UUID value) {
1272      _implementationUuid = value;
1273    }
1274
1275    public MarkupMultiline getDescription() {
1276      return _description;
1277    }
1278
1279    public void setDescription(MarkupMultiline value) {
1280      _description = value;
1281    }
1282
1283    public List<Property> getProps() {
1284      return _props;
1285    }
1286
1287    public void setProps(List<Property> value) {
1288      _props = value;
1289    }
1290
1291    /**
1292     * Add a new {@link Property} item to the underlying collection.
1293     * @param item the item to add
1294     * @return {@code true}
1295     */
1296    public boolean addProp(Property item) {
1297      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
1298      if (_props == null) {
1299        _props = new LinkedList<>();
1300      }
1301      return _props.add(value);
1302    }
1303
1304    /**
1305     * Remove the first matching {@link Property} item from the underlying collection.
1306     * @param item the item to remove
1307     * @return {@code true} if the item was removed or {@code false} otherwise
1308     */
1309    public boolean removeProp(Property item) {
1310      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
1311      return _props == null ? false : _props.remove(value);
1312    }
1313
1314    public List<Link> getLinks() {
1315      return _links;
1316    }
1317
1318    public void setLinks(List<Link> value) {
1319      _links = value;
1320    }
1321
1322    /**
1323     * Add a new {@link Link} item to the underlying collection.
1324     * @param item the item to add
1325     * @return {@code true}
1326     */
1327    public boolean addLink(Link item) {
1328      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
1329      if (_links == null) {
1330        _links = new LinkedList<>();
1331      }
1332      return _links.add(value);
1333    }
1334
1335    /**
1336     * Remove the first matching {@link Link} item from the underlying collection.
1337     * @param item the item to remove
1338     * @return {@code true} if the item was removed or {@code false} otherwise
1339     */
1340    public boolean removeLink(Link item) {
1341      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
1342      return _links == null ? false : _links.remove(value);
1343    }
1344
1345    public List<SubjectReference> getSubjects() {
1346      return _subjects;
1347    }
1348
1349    public void setSubjects(List<SubjectReference> value) {
1350      _subjects = value;
1351    }
1352
1353    /**
1354     * Add a new {@link SubjectReference} item to the underlying collection.
1355     * @param item the item to add
1356     * @return {@code true}
1357     */
1358    public boolean addSubject(SubjectReference item) {
1359      SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
1360      if (_subjects == null) {
1361        _subjects = new LinkedList<>();
1362      }
1363      return _subjects.add(value);
1364    }
1365
1366    /**
1367     * Remove the first matching {@link SubjectReference} item from the underlying collection.
1368     * @param item the item to remove
1369     * @return {@code true} if the item was removed or {@code false} otherwise
1370     */
1371    public boolean removeSubject(SubjectReference item) {
1372      SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
1373      return _subjects == null ? false : _subjects.remove(value);
1374    }
1375
1376    @Override
1377    public String toString() {
1378      return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
1379    }
1380  }
1381}