AssessmentPlan.java
package gov.nist.secauto.oscal.lib.model;
import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
import gov.nist.secauto.metaschema.binding.model.annotations.AssemblyConstraints;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
import gov.nist.secauto.metaschema.binding.model.annotations.IsUnique;
import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
import java.lang.Override;
import java.lang.String;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
/**
* An assessment plan, such as those provided by a FedRAMP assessor.
*/
@MetaschemaAssembly(
formalName = "Security Assessment Plan (SAP)",
description = "An assessment plan, such as those provided by a FedRAMP assessor.",
name = "assessment-plan",
metaschema = OscalApMetaschema.class,
rootName = "assessment-plan"
)
public class AssessmentPlan extends AbstractOscalInstance {
@BoundFlag(
formalName = "Assessment Plan Universally Unique Identifier",
description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this assessment plan in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ap-identifiers). The locally defined *UUID* of the `assessment plan` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
useName = "uuid",
required = true,
typeAdapter = UuidAdapter.class
)
private UUID _uuid;
@BoundAssembly(
formalName = "Document Metadata",
description = "Provides information about the containing document, and defines concepts that are shared across the document.",
useName = "metadata",
minOccurs = 1
)
private Metadata _metadata;
@BoundAssembly(
formalName = "Import System Security Plan",
description = "Used by the assessment plan and POA\\&M to import information about the system.",
useName = "import-ssp",
minOccurs = 1,
remarks = "Used by the SAP to import information about the system being assessed."
)
private ImportSsp _importSsp;
/**
* "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP."
*/
@BoundAssembly(
formalName = "Local Definitions",
description = "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.",
useName = "local-definitions"
)
private LocalDefinitions _localDefinitions;
/**
* "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition."
*/
@BoundAssembly(
formalName = "Assessment Plan Terms and Conditions",
description = "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.",
useName = "terms-and-conditions"
)
private TermsAndConditions _termsAndConditions;
@BoundAssembly(
formalName = "Reviewed Controls and Control Objectives",
description = "Identifies the controls being assessed and their control objectives.",
useName = "reviewed-controls",
minOccurs = 1
)
private ReviewedControls _reviewedControls;
@BoundAssembly(
formalName = "Subject of Assessment",
description = "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.",
useName = "assessment-subject",
maxOccurs = -1
)
@GroupAs(
name = "assessment-subjects",
inJson = JsonGroupAsBehavior.LIST
)
private List<AssessmentSubject> _assessmentSubjects;
@BoundAssembly(
formalName = "Assessment Assets",
description = "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.",
useName = "assessment-assets"
)
private AssessmentAssets _assessmentAssets;
@BoundAssembly(
formalName = "Task",
description = "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.",
useName = "task",
maxOccurs = -1
)
@GroupAs(
name = "tasks",
inJson = JsonGroupAsBehavior.LIST
)
private List<Task> _tasks;
@BoundAssembly(
formalName = "Back matter",
description = "A collection of resources that may be referenced from within the OSCAL document instance.",
useName = "back-matter"
)
private BackMatter _backMatter;
public AssessmentPlan() {
}
public UUID getUuid() {
return _uuid;
}
public void setUuid(UUID value) {
_uuid = value;
}
public Metadata getMetadata() {
return _metadata;
}
public void setMetadata(Metadata value) {
_metadata = value;
}
public ImportSsp getImportSsp() {
return _importSsp;
}
public void setImportSsp(ImportSsp value) {
_importSsp = value;
}
public LocalDefinitions getLocalDefinitions() {
return _localDefinitions;
}
public void setLocalDefinitions(LocalDefinitions value) {
_localDefinitions = value;
}
public TermsAndConditions getTermsAndConditions() {
return _termsAndConditions;
}
public void setTermsAndConditions(TermsAndConditions value) {
_termsAndConditions = value;
}
public ReviewedControls getReviewedControls() {
return _reviewedControls;
}
public void setReviewedControls(ReviewedControls value) {
_reviewedControls = value;
}
public List<AssessmentSubject> getAssessmentSubjects() {
return _assessmentSubjects;
}
public void setAssessmentSubjects(List<AssessmentSubject> value) {
_assessmentSubjects = value;
}
/**
* Add a new {@link AssessmentSubject} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addAssessmentSubject(AssessmentSubject item) {
AssessmentSubject value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_assessmentSubjects == null) {
_assessmentSubjects = new LinkedList<>();
}
return _assessmentSubjects.add(value);
}
/**
* Remove the first matching {@link AssessmentSubject} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeAssessmentSubject(AssessmentSubject item) {
AssessmentSubject value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _assessmentSubjects == null ? false : _assessmentSubjects.remove(value);
}
public AssessmentAssets getAssessmentAssets() {
return _assessmentAssets;
}
public void setAssessmentAssets(AssessmentAssets value) {
_assessmentAssets = value;
}
public List<Task> getTasks() {
return _tasks;
}
public void setTasks(List<Task> value) {
_tasks = value;
}
/**
* Add a new {@link Task} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addTask(Task item) {
Task value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_tasks == null) {
_tasks = new LinkedList<>();
}
return _tasks.add(value);
}
/**
* Remove the first matching {@link Task} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeTask(Task item) {
Task value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _tasks == null ? false : _tasks.remove(value);
}
public BackMatter getBackMatter() {
return _backMatter;
}
public void setBackMatter(BackMatter value) {
_backMatter = value;
}
@Override
public String toString() {
return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
}
/**
* Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.
*/
@MetaschemaAssembly(
formalName = "Assessment Plan Terms and Conditions",
description = "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.",
name = "terms-and-conditions",
metaschema = OscalApMetaschema.class
)
@ValueConstraints(
allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, target = "part[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = {@AllowedValue(value = "rules-of-engagement", description = "Defines the circumstances, conditions, degree, and manner in which the use of cyber-attack techniques or actions may be applied to the assessment."), @AllowedValue(value = "disclosures", description = "Any information the assessor should make known to the system owner or authorizing official. Has child 'item' parts for each individual disclosure."), @AllowedValue(value = "assessment-inclusions", description = "Defines any assessment activities which the system owner or authorizing official wishes to ensure are performed as part of the assessment."), @AllowedValue(value = "assessment-exclusions", description = "Defines any assessment activities which the system owner or authorizing official explicitly prohibits from being performed as part of the assessment."), @AllowedValue(value = "results-delivery", description = "Defines conditions related to the delivery of the assessment results, such as when to deliver, how, and to whom."), @AllowedValue(value = "assumptions", description = "Defines any supposition made by the assessor. Has child 'item' parts for each assumption."), @AllowedValue(value = "methodology", description = "An explanation of practices, procedures, and rules used in the course of the assessment.")})
)
public static class TermsAndConditions {
@BoundAssembly(
formalName = "Assessment Part",
description = "A partition of an assessment plan or results or a child of another part.",
useName = "part",
maxOccurs = -1
)
@GroupAs(
name = "parts",
inJson = JsonGroupAsBehavior.LIST
)
private List<AssessmentPart> _parts;
public TermsAndConditions() {
}
public List<AssessmentPart> getParts() {
return _parts;
}
public void setParts(List<AssessmentPart> value) {
_parts = value;
}
/**
* Add a new {@link AssessmentPart} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addPart(AssessmentPart item) {
AssessmentPart value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_parts == null) {
_parts = new LinkedList<>();
}
return _parts.add(value);
}
/**
* Remove the first matching {@link AssessmentPart} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removePart(AssessmentPart item) {
AssessmentPart value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _parts == null ? false : _parts.remove(value);
}
@Override
public String toString() {
return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
}
}
/**
* Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
*/
@MetaschemaAssembly(
formalName = "Local Definitions",
description = "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.",
name = "local-definitions",
metaschema = OscalApMetaschema.class
)
@AssemblyConstraints(
isUnique = {
@IsUnique(id = "unique-ap-local-definitions-component", level = IConstraint.Level.ERROR, target = "component", keyFields = @KeyField(target = "@uuid"), remarks = "Since multiple `component` entries can be provided, each component must have a unique `uuid`."),
@IsUnique(id = "unique-ap-local-definitions-user", level = IConstraint.Level.ERROR, target = "user", keyFields = @KeyField(target = "@uuid"), remarks = "A given `uuid` must be assigned only once to a user.")
}
)
public static class LocalDefinitions {
@BoundAssembly(
formalName = "Component",
description = "A defined component that can be part of an implemented system.",
useName = "component",
maxOccurs = -1,
remarks = "Used to add any components, not defined via the System Security Plan (AR-\\>AP-\\>SSP)"
)
@GroupAs(
name = "components",
inJson = JsonGroupAsBehavior.LIST
)
private List<SystemComponent> _components;
@BoundAssembly(
formalName = "Inventory Item",
description = "A single managed inventory item within the system.",
useName = "inventory-item",
maxOccurs = -1,
remarks = "Used to add any inventory-items, not defined via the System Security Plan (AR-\\>AP-\\>SSP)"
)
@GroupAs(
name = "inventory-items",
inJson = JsonGroupAsBehavior.LIST
)
private List<InventoryItem> _inventoryItems;
@BoundAssembly(
formalName = "System User",
description = "A type of user that interacts with the system based on an associated role.",
useName = "user",
maxOccurs = -1,
remarks = "Used to add any users, not defined via the System Security Plan (AR-\\>AP-\\>SSP)"
)
@GroupAs(
name = "users",
inJson = JsonGroupAsBehavior.LIST
)
private List<SystemUser> _users;
@BoundAssembly(
formalName = "Assessment-Specific Control Objective",
description = "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.",
useName = "objectives-and-methods",
maxOccurs = -1
)
@GroupAs(
name = "objectives-and-methods",
inJson = JsonGroupAsBehavior.LIST
)
private List<LocalObjective> _objectivesAndMethods;
@BoundAssembly(
formalName = "Activity",
description = "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.",
useName = "activity",
maxOccurs = -1
)
@GroupAs(
name = "activities",
inJson = JsonGroupAsBehavior.LIST
)
private List<Activity> _activities;
@BoundField(
formalName = "Remarks",
description = "Additional commentary about the containing object.",
useName = "remarks"
)
@BoundFieldValue(
typeAdapter = MarkupMultilineAdapter.class
)
private MarkupMultiline _remarks;
public LocalDefinitions() {
}
public List<SystemComponent> getComponents() {
return _components;
}
public void setComponents(List<SystemComponent> value) {
_components = value;
}
/**
* Add a new {@link SystemComponent} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addComponent(SystemComponent item) {
SystemComponent value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_components == null) {
_components = new LinkedList<>();
}
return _components.add(value);
}
/**
* Remove the first matching {@link SystemComponent} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeComponent(SystemComponent item) {
SystemComponent value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _components == null ? false : _components.remove(value);
}
public List<InventoryItem> getInventoryItems() {
return _inventoryItems;
}
public void setInventoryItems(List<InventoryItem> value) {
_inventoryItems = value;
}
/**
* Add a new {@link InventoryItem} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addInventoryItem(InventoryItem item) {
InventoryItem value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_inventoryItems == null) {
_inventoryItems = new LinkedList<>();
}
return _inventoryItems.add(value);
}
/**
* Remove the first matching {@link InventoryItem} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeInventoryItem(InventoryItem item) {
InventoryItem value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _inventoryItems == null ? false : _inventoryItems.remove(value);
}
public List<SystemUser> getUsers() {
return _users;
}
public void setUsers(List<SystemUser> value) {
_users = value;
}
/**
* Add a new {@link SystemUser} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addUser(SystemUser item) {
SystemUser value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_users == null) {
_users = new LinkedList<>();
}
return _users.add(value);
}
/**
* Remove the first matching {@link SystemUser} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeUser(SystemUser item) {
SystemUser value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _users == null ? false : _users.remove(value);
}
public List<LocalObjective> getObjectivesAndMethods() {
return _objectivesAndMethods;
}
public void setObjectivesAndMethods(List<LocalObjective> value) {
_objectivesAndMethods = value;
}
/**
* Add a new {@link LocalObjective} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addObjectivesAndMethods(LocalObjective item) {
LocalObjective value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_objectivesAndMethods == null) {
_objectivesAndMethods = new LinkedList<>();
}
return _objectivesAndMethods.add(value);
}
/**
* Remove the first matching {@link LocalObjective} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeObjectivesAndMethods(LocalObjective item) {
LocalObjective value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _objectivesAndMethods == null ? false : _objectivesAndMethods.remove(value);
}
public List<Activity> getActivities() {
return _activities;
}
public void setActivities(List<Activity> value) {
_activities = value;
}
/**
* Add a new {@link Activity} item to the underlying collection.
* @param item the item to add
* @return {@code true}
*/
public boolean addActivity(Activity item) {
Activity value = ObjectUtils.requireNonNull(item,"item cannot be null");
if (_activities == null) {
_activities = new LinkedList<>();
}
return _activities.add(value);
}
/**
* Remove the first matching {@link Activity} item from the underlying collection.
* @param item the item to remove
* @return {@code true} if the item was removed or {@code false} otherwise
*/
public boolean removeActivity(Activity item) {
Activity value = ObjectUtils.requireNonNull(item,"item cannot be null");
return _activities == null ? false : _activities.remove(value);
}
public MarkupMultiline getRemarks() {
return _remarks;
}
public void setRemarks(MarkupMultiline value) {
_remarks = value;
}
@Override
public String toString() {
return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
}
}
}