001package gov.nist.secauto.oscal.lib.model; 002 003import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue; 004import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues; 005import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly; 006import gov.nist.secauto.metaschema.binding.model.annotations.BoundField; 007import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue; 008import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag; 009import gov.nist.secauto.metaschema.binding.model.annotations.Expect; 010import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs; 011import gov.nist.secauto.metaschema.binding.model.annotations.IndexHasKey; 012import gov.nist.secauto.metaschema.binding.model.annotations.KeyField; 013import gov.nist.secauto.metaschema.binding.model.annotations.Matches; 014import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly; 015import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints; 016import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior; 017import gov.nist.secauto.metaschema.model.common.constraint.IConstraint; 018import gov.nist.secauto.metaschema.model.common.datatype.adapter.UriAdapter; 019import gov.nist.secauto.metaschema.model.common.datatype.adapter.UriReferenceAdapter; 020import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter; 021import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLine; 022import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLineAdapter; 023import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline; 024import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter; 025import gov.nist.secauto.metaschema.model.common.util.ObjectUtils; 026import java.lang.Override; 027import java.lang.String; 028import java.net.URI; 029import java.util.LinkedList; 030import java.util.List; 031import java.util.UUID; 032import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle; 033import org.apache.commons.lang3.builder.ReflectionToStringBuilder; 034 035/** 036 * Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in <a href="https://doi.org/10.6028/NIST.SP.800-60v2r1">NIST SP 800-60</a>. 037 */ 038@MetaschemaAssembly( 039 formalName = "System Information", 040 description = "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).", 041 name = "system-information", 042 metaschema = OscalSspMetaschema.class 043) 044@ValueConstraints( 045 allowedValues = { 046 @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "privacy-designation", description = "Is this a privacy sensitive system? yes or no")), 047 @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='privacy-designation']/@value", values = {@AllowedValue(value = "yes", description = "The system is privacy sensitive."), @AllowedValue(value = "no", description = "The system is not privacy sensitive.")}), 048 @AllowedValues(level = IConstraint.Level.ERROR, target = "link/@rel", allowOthers = true, values = @AllowedValue(value = "privacy-impact-assessment", description = "A link to the privacy impact assessment.")), 049 @AllowedValues(level = IConstraint.Level.ERROR, target = "information-type/(confidentiality-impact|integrity-impact|availability-impact)/(base|selected)", allowOthers = true, values = {@AllowedValue(value = "fips-199-low", description = "A 'low' sensitivity level as defined in [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199)."), @AllowedValue(value = "fips-199-moderate", description = "A 'moderate' sensitivity level as defined in [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199)."), @AllowedValue(value = "fips-199-high", description = "A 'high' sensitivity level as defined in [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199).")}, remarks = "FIPS-199 taxonomy is provided here as a starting point. We will provide other taxonomies based on community requests.") 050 }, 051 indexHasKey = @IndexHasKey(level = IConstraint.Level.ERROR, target = "link[@rel='privacy-impact-assessment' and starts-with(@href,'#')]", indexName = "index-back-matter-resource", keyFields = @KeyField(target = "@href", pattern = "#(.*)")), 052 matches = { 053 @Matches(level = IConstraint.Level.ERROR, target = "link[@rel='privacy-impact-assessment']/@href[starts-with(.,'#')]", typeAdapter = UriReferenceAdapter.class), 054 @Matches(level = IConstraint.Level.ERROR, target = "link[@rel='privacy-impact-assessment']/@href[not(starts-with(.,'#'))]", typeAdapter = UriAdapter.class) 055 } 056) 057public class SystemInformation { 058 @BoundAssembly( 059 formalName = "Property", 060 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", 061 useName = "prop", 062 maxOccurs = -1 063 ) 064 @GroupAs( 065 name = "props", 066 inJson = JsonGroupAsBehavior.LIST 067 ) 068 private List<Property> _props; 069 070 @BoundAssembly( 071 formalName = "Link", 072 description = "A reference to a local or remote resource, that has a specific relation to the containing object.", 073 useName = "link", 074 maxOccurs = -1 075 ) 076 @GroupAs( 077 name = "links", 078 inJson = JsonGroupAsBehavior.LIST 079 ) 080 private List<Link> _links; 081 082 /** 083 * "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in <a href=\"https://doi.org/10.6028/NIST.SP.800-60v2r1\">NIST SP 800-60</a>." 084 */ 085 @BoundAssembly( 086 formalName = "Information Type", 087 description = "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).", 088 useName = "information-type", 089 minOccurs = 1, 090 maxOccurs = -1 091 ) 092 @GroupAs( 093 name = "information-types", 094 inJson = JsonGroupAsBehavior.LIST 095 ) 096 private List<InformationType> _informationTypes; 097 098 public SystemInformation() { 099 } 100 101 public List<Property> getProps() { 102 return _props; 103 } 104 105 public void setProps(List<Property> value) { 106 _props = value; 107 } 108 109 /** 110 * Add a new {@link Property} item to the underlying collection. 111 * @param item the item to add 112 * @return {@code true} 113 */ 114 public boolean addProp(Property item) { 115 Property value = ObjectUtils.requireNonNull(item,"item cannot be null"); 116 if (_props == null) { 117 _props = new LinkedList<>(); 118 } 119 return _props.add(value); 120 } 121 122 /** 123 * Remove the first matching {@link Property} item from the underlying collection. 124 * @param item the item to remove 125 * @return {@code true} if the item was removed or {@code false} otherwise 126 */ 127 public boolean removeProp(Property item) { 128 Property value = ObjectUtils.requireNonNull(item,"item cannot be null"); 129 return _props == null ? false : _props.remove(value); 130 } 131 132 public List<Link> getLinks() { 133 return _links; 134 } 135 136 public void setLinks(List<Link> value) { 137 _links = value; 138 } 139 140 /** 141 * Add a new {@link Link} item to the underlying collection. 142 * @param item the item to add 143 * @return {@code true} 144 */ 145 public boolean addLink(Link item) { 146 Link value = ObjectUtils.requireNonNull(item,"item cannot be null"); 147 if (_links == null) { 148 _links = new LinkedList<>(); 149 } 150 return _links.add(value); 151 } 152 153 /** 154 * Remove the first matching {@link Link} item from the underlying collection. 155 * @param item the item to remove 156 * @return {@code true} if the item was removed or {@code false} otherwise 157 */ 158 public boolean removeLink(Link item) { 159 Link value = ObjectUtils.requireNonNull(item,"item cannot be null"); 160 return _links == null ? false : _links.remove(value); 161 } 162 163 public List<InformationType> getInformationTypes() { 164 return _informationTypes; 165 } 166 167 public void setInformationTypes(List<InformationType> value) { 168 _informationTypes = value; 169 } 170 171 /** 172 * Add a new {@link InformationType} item to the underlying collection. 173 * @param item the item to add 174 * @return {@code true} 175 */ 176 public boolean addInformationType(InformationType item) { 177 InformationType value = ObjectUtils.requireNonNull(item,"item cannot be null"); 178 if (_informationTypes == null) { 179 _informationTypes = new LinkedList<>(); 180 } 181 return _informationTypes.add(value); 182 } 183 184 /** 185 * Remove the first matching {@link InformationType} item from the underlying collection. 186 * @param item the item to remove 187 * @return {@code true} if the item was removed or {@code false} otherwise 188 */ 189 public boolean removeInformationType(InformationType item) { 190 InformationType value = ObjectUtils.requireNonNull(item,"item cannot be null"); 191 return _informationTypes == null ? false : _informationTypes.remove(value); 192 } 193 194 @Override 195 public String toString() { 196 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString(); 197 } 198 199 /** 200 * Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in <a href="https://doi.org/10.6028/NIST.SP.800-60v2r1">NIST SP 800-60</a>. 201 */ 202 @MetaschemaAssembly( 203 formalName = "Information Type", 204 description = "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).", 205 name = "information-type", 206 metaschema = OscalSspMetaschema.class 207 ) 208 @ValueConstraints( 209 expect = @Expect(level = IConstraint.Level.WARNING, test = "@uuid", message = "It is a best practice to provide a UUID.") 210 ) 211 public static class InformationType { 212 @BoundFlag( 213 formalName = "Information Type Universally Unique Identifier", 214 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this information type elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The locally defined *UUID* of the `information type` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.", 215 useName = "uuid", 216 typeAdapter = UuidAdapter.class 217 ) 218 private UUID _uuid; 219 220 /** 221 * "A human readable name for the information type. This title should be meaningful within the context of the system." 222 */ 223 @BoundField( 224 formalName = "title field", 225 description = "A human readable name for the information type. This title should be meaningful within the context of the system.", 226 useName = "title", 227 minOccurs = 1 228 ) 229 @BoundFieldValue( 230 typeAdapter = MarkupLineAdapter.class 231 ) 232 private MarkupLine _title; 233 234 /** 235 * "A summary of how this information type is used within the system." 236 */ 237 @BoundField( 238 formalName = "Information Type Description", 239 description = "A summary of how this information type is used within the system.", 240 useName = "description", 241 minOccurs = 1 242 ) 243 @BoundFieldValue( 244 typeAdapter = MarkupMultilineAdapter.class 245 ) 246 private MarkupMultiline _description; 247 248 /** 249 * "A set of information type identifiers qualified by the given identification <code>system</code> used, such as NIST SP 800-60." 250 */ 251 @BoundAssembly( 252 formalName = "Information Type Categorization", 253 description = "A set of information type identifiers qualified by the given identification `system` used, such as NIST SP 800-60.", 254 useName = "categorization", 255 maxOccurs = -1 256 ) 257 @GroupAs( 258 name = "categorizations", 259 inJson = JsonGroupAsBehavior.LIST 260 ) 261 private List<Categorization> _categorizations; 262 263 @BoundAssembly( 264 formalName = "Property", 265 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", 266 useName = "prop", 267 maxOccurs = -1 268 ) 269 @GroupAs( 270 name = "props", 271 inJson = JsonGroupAsBehavior.LIST 272 ) 273 private List<Property> _props; 274 275 @BoundAssembly( 276 formalName = "Link", 277 description = "A reference to a local or remote resource, that has a specific relation to the containing object.", 278 useName = "link", 279 maxOccurs = -1 280 ) 281 @GroupAs( 282 name = "links", 283 inJson = JsonGroupAsBehavior.LIST 284 ) 285 private List<Link> _links; 286 287 /** 288 * "The expected level of impact resulting from the unauthorized disclosure of the described information." 289 */ 290 @BoundAssembly( 291 formalName = "Confidentiality Impact Level", 292 description = "The expected level of impact resulting from the unauthorized disclosure of the described information.", 293 useName = "confidentiality-impact" 294 ) 295 private Impact _confidentialityImpact; 296 297 /** 298 * "The expected level of impact resulting from the unauthorized modification of the described information." 299 */ 300 @BoundAssembly( 301 formalName = "Integrity Impact Level", 302 description = "The expected level of impact resulting from the unauthorized modification of the described information.", 303 useName = "integrity-impact" 304 ) 305 private Impact _integrityImpact; 306 307 /** 308 * "The expected level of impact resulting from the disruption of access to or use of the described information or the information system." 309 */ 310 @BoundAssembly( 311 formalName = "Availability Impact Level", 312 description = "The expected level of impact resulting from the disruption of access to or use of the described information or the information system.", 313 useName = "availability-impact" 314 ) 315 private Impact _availabilityImpact; 316 317 public InformationType() { 318 } 319 320 public UUID getUuid() { 321 return _uuid; 322 } 323 324 public void setUuid(UUID value) { 325 _uuid = value; 326 } 327 328 public MarkupLine getTitle() { 329 return _title; 330 } 331 332 public void setTitle(MarkupLine value) { 333 _title = value; 334 } 335 336 public MarkupMultiline getDescription() { 337 return _description; 338 } 339 340 public void setDescription(MarkupMultiline value) { 341 _description = value; 342 } 343 344 public List<Categorization> getCategorizations() { 345 return _categorizations; 346 } 347 348 public void setCategorizations(List<Categorization> value) { 349 _categorizations = value; 350 } 351 352 /** 353 * Add a new {@link Categorization} item to the underlying collection. 354 * @param item the item to add 355 * @return {@code true} 356 */ 357 public boolean addCategorization(Categorization item) { 358 Categorization value = ObjectUtils.requireNonNull(item,"item cannot be null"); 359 if (_categorizations == null) { 360 _categorizations = new LinkedList<>(); 361 } 362 return _categorizations.add(value); 363 } 364 365 /** 366 * Remove the first matching {@link Categorization} item from the underlying collection. 367 * @param item the item to remove 368 * @return {@code true} if the item was removed or {@code false} otherwise 369 */ 370 public boolean removeCategorization(Categorization item) { 371 Categorization value = ObjectUtils.requireNonNull(item,"item cannot be null"); 372 return _categorizations == null ? false : _categorizations.remove(value); 373 } 374 375 public List<Property> getProps() { 376 return _props; 377 } 378 379 public void setProps(List<Property> value) { 380 _props = value; 381 } 382 383 /** 384 * Add a new {@link Property} item to the underlying collection. 385 * @param item the item to add 386 * @return {@code true} 387 */ 388 public boolean addProp(Property item) { 389 Property value = ObjectUtils.requireNonNull(item,"item cannot be null"); 390 if (_props == null) { 391 _props = new LinkedList<>(); 392 } 393 return _props.add(value); 394 } 395 396 /** 397 * Remove the first matching {@link Property} item from the underlying collection. 398 * @param item the item to remove 399 * @return {@code true} if the item was removed or {@code false} otherwise 400 */ 401 public boolean removeProp(Property item) { 402 Property value = ObjectUtils.requireNonNull(item,"item cannot be null"); 403 return _props == null ? false : _props.remove(value); 404 } 405 406 public List<Link> getLinks() { 407 return _links; 408 } 409 410 public void setLinks(List<Link> value) { 411 _links = value; 412 } 413 414 /** 415 * Add a new {@link Link} item to the underlying collection. 416 * @param item the item to add 417 * @return {@code true} 418 */ 419 public boolean addLink(Link item) { 420 Link value = ObjectUtils.requireNonNull(item,"item cannot be null"); 421 if (_links == null) { 422 _links = new LinkedList<>(); 423 } 424 return _links.add(value); 425 } 426 427 /** 428 * Remove the first matching {@link Link} item from the underlying collection. 429 * @param item the item to remove 430 * @return {@code true} if the item was removed or {@code false} otherwise 431 */ 432 public boolean removeLink(Link item) { 433 Link value = ObjectUtils.requireNonNull(item,"item cannot be null"); 434 return _links == null ? false : _links.remove(value); 435 } 436 437 public Impact getConfidentialityImpact() { 438 return _confidentialityImpact; 439 } 440 441 public void setConfidentialityImpact(Impact value) { 442 _confidentialityImpact = value; 443 } 444 445 public Impact getIntegrityImpact() { 446 return _integrityImpact; 447 } 448 449 public void setIntegrityImpact(Impact value) { 450 _integrityImpact = value; 451 } 452 453 public Impact getAvailabilityImpact() { 454 return _availabilityImpact; 455 } 456 457 public void setAvailabilityImpact(Impact value) { 458 _availabilityImpact = value; 459 } 460 461 @Override 462 public String toString() { 463 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString(); 464 } 465 466 /** 467 * A set of information type identifiers qualified by the given identification <code>system</code> used, such as NIST SP 800-60. 468 */ 469 @MetaschemaAssembly( 470 formalName = "Information Type Categorization", 471 description = "A set of information type identifiers qualified by the given identification `system` used, such as NIST SP 800-60.", 472 name = "categorization", 473 metaschema = OscalSspMetaschema.class 474 ) 475 public static class Categorization { 476 @BoundFlag( 477 formalName = "Information Type Identification System", 478 description = "Specifies the information type identification system used.", 479 useName = "system", 480 required = true, 481 typeAdapter = UriAdapter.class, 482 remarks = "This value must be an [absolute URI](https://pages.nist.gov/OSCAL/concepts/uri-use/#absolute-uri) that serves as a [naming system identifier](https://pages.nist.gov/OSCAL/concepts/uri-use/#use-as-a-naming-system-identifier)." 483 ) 484 @ValueConstraints( 485 allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = @AllowedValue(value = "http://doi.org/10.6028/NIST.SP.800-60v2r1", description = "Based on the section identifiers in NIST [Special Publication 800-60 Volume II Revision 1](https://doi.org/10.6028/NIST.SP.800-60v2r1).")) 486 ) 487 private URI _system; 488 489 /** 490 * "A <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented\">human-oriented</a>, <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique\">globally unique</a> identifier qualified by the given identification <code>system</code> used, such as NIST SP 800-60. This identifier has <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance\">cross-instance</a> scope and can be used to reference this system elsewhere in <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers\">this or other OSCAL instances</a>. This id should be assigned <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency\">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document." 491 */ 492 @BoundField( 493 formalName = "Information Type Systematized Identifier", 494 description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier qualified by the given identification `system` used, such as NIST SP 800-60. This identifier has [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope and can be used to reference this system elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). This id should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.", 495 useName = "information-type-id", 496 maxOccurs = -1 497 ) 498 @GroupAs( 499 name = "information-type-ids", 500 inJson = JsonGroupAsBehavior.LIST 501 ) 502 private List<String> _informationTypeIds; 503 504 public Categorization() { 505 } 506 507 public URI getSystem() { 508 return _system; 509 } 510 511 public void setSystem(URI value) { 512 _system = value; 513 } 514 515 public List<String> getInformationTypeIds() { 516 return _informationTypeIds; 517 } 518 519 public void setInformationTypeIds(List<String> value) { 520 _informationTypeIds = value; 521 } 522 523 /** 524 * Add a new {@link String} item to the underlying collection. 525 * @param item the item to add 526 * @return {@code true} 527 */ 528 public boolean addInformationTypeId(String item) { 529 String value = ObjectUtils.requireNonNull(item,"item cannot be null"); 530 if (_informationTypeIds == null) { 531 _informationTypeIds = new LinkedList<>(); 532 } 533 return _informationTypeIds.add(value); 534 } 535 536 /** 537 * Remove the first matching {@link String} item from the underlying collection. 538 * @param item the item to remove 539 * @return {@code true} if the item was removed or {@code false} otherwise 540 */ 541 public boolean removeInformationTypeId(String item) { 542 String value = ObjectUtils.requireNonNull(item,"item cannot be null"); 543 return _informationTypeIds == null ? false : _informationTypeIds.remove(value); 544 } 545 546 @Override 547 public String toString() { 548 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString(); 549 } 550 } 551 } 552}