View Javadoc
1   package gov.nist.secauto.oscal.lib.model;
2   
3   import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
4   import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
5   import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
6   import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
7   import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
8   import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
9   import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
10  import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
11  import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
12  import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
13  import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
14  import java.lang.Override;
15  import java.lang.String;
16  import java.util.LinkedList;
17  import java.util.List;
18  import java.util.UUID;
19  import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
20  import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
21  
22  /**
23   * Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.
24   */
25  @MetaschemaAssembly(
26      formalName = "Security Assessment Results (SAR)",
27      description = "Security assessment results, such as those provided by a FedRAMP assessor in the FedRAMP Security Assessment Report.",
28      name = "assessment-results",
29      metaschema = OscalArMetaschema.class,
30      rootName = "assessment-results"
31  )
32  public class AssessmentResults {
33    @BoundFlag(
34        formalName = "Assessment Results Universally Unique Identifier",
35        description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this assessment results instance in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ar-identifiers). The locally defined *UUID* of the `assessment result` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
36        useName = "uuid",
37        required = true,
38        typeAdapter = UuidAdapter.class
39    )
40    private UUID _uuid;
41  
42    @BoundAssembly(
43        formalName = "Document Metadata",
44        description = "Provides information about the containing document, and defines concepts that are shared across the document.",
45        useName = "metadata",
46        minOccurs = 1
47    )
48    private Metadata _metadata;
49  
50    @BoundAssembly(
51        formalName = "Import Assessment Plan",
52        description = "Used by assessment-results to import information about the original plan for assessing the system.",
53        useName = "import-ap",
54        minOccurs = 1,
55        remarks = "Used by the SAR to import information about the original plan for assessing the system."
56    )
57    private ImportAp _importAp;
58  
59    /**
60     * "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP."
61     */
62    @BoundAssembly(
63        formalName = "Local Definitions",
64        description = "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.",
65        useName = "local-definitions"
66    )
67    private LocalDefinitions _localDefinitions;
68  
69    @BoundAssembly(
70        formalName = "Assessment Result",
71        description = "Used by the assessment results and POA\\&M. In the assessment results, this identifies all of the assessment observations and findings, initial and residual risks, deviations, and disposition. In the POA\\&M, this identifies initial and residual risks, deviations, and disposition.",
72        useName = "result",
73        minOccurs = 1,
74        maxOccurs = -1
75    )
76    @GroupAs(
77        name = "results",
78        inJson = JsonGroupAsBehavior.LIST
79    )
80    private List<Result> _results;
81  
82    @BoundAssembly(
83        formalName = "Back matter",
84        description = "A collection of resources that may be referenced from within the OSCAL document instance.",
85        useName = "back-matter"
86    )
87    private BackMatter _backMatter;
88  
89    public AssessmentResults() {
90    }
91  
92    public UUID getUuid() {
93      return _uuid;
94    }
95  
96    public void setUuid(UUID value) {
97      _uuid = value;
98    }
99  
100   public Metadata getMetadata() {
101     return _metadata;
102   }
103 
104   public void setMetadata(Metadata value) {
105     _metadata = value;
106   }
107 
108   public ImportAp getImportAp() {
109     return _importAp;
110   }
111 
112   public void setImportAp(ImportAp value) {
113     _importAp = value;
114   }
115 
116   public LocalDefinitions getLocalDefinitions() {
117     return _localDefinitions;
118   }
119 
120   public void setLocalDefinitions(LocalDefinitions value) {
121     _localDefinitions = value;
122   }
123 
124   public List<Result> getResults() {
125     return _results;
126   }
127 
128   public void setResults(List<Result> value) {
129     _results = value;
130   }
131 
132   /**
133    * Add a new {@link Result} item to the underlying collection.
134    * @param item the item to add
135    * @return {@code true}
136    */
137   public boolean addResult(Result item) {
138     Result value = ObjectUtils.requireNonNull(item,"item cannot be null");
139     if (_results == null) {
140       _results = new LinkedList<>();
141     }
142     return _results.add(value);
143   }
144 
145   /**
146    * Remove the first matching {@link Result} item from the underlying collection.
147    * @param item the item to remove
148    * @return {@code true} if the item was removed or {@code false} otherwise
149    */
150   public boolean removeResult(Result item) {
151     Result value = ObjectUtils.requireNonNull(item,"item cannot be null");
152     return _results == null ? false : _results.remove(value);
153   }
154 
155   public BackMatter getBackMatter() {
156     return _backMatter;
157   }
158 
159   public void setBackMatter(BackMatter value) {
160     _backMatter = value;
161   }
162 
163   @Override
164   public String toString() {
165     return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
166   }
167 
168   /**
169    * Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.
170    */
171   @MetaschemaAssembly(
172       formalName = "Local Definitions",
173       description = "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.",
174       name = "local-definitions",
175       metaschema = OscalArMetaschema.class
176   )
177   public static class LocalDefinitions {
178     @BoundAssembly(
179         formalName = "Assessment-Specific Control Objective",
180         description = "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.",
181         useName = "objectives-and-methods",
182         maxOccurs = -1
183     )
184     @GroupAs(
185         name = "objectives-and-methods",
186         inJson = JsonGroupAsBehavior.LIST
187     )
188     private List<LocalObjective> _objectivesAndMethods;
189 
190     @BoundAssembly(
191         formalName = "Activity",
192         description = "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.",
193         useName = "activity",
194         maxOccurs = -1
195     )
196     @GroupAs(
197         name = "activities",
198         inJson = JsonGroupAsBehavior.LIST
199     )
200     private List<Activity> _activities;
201 
202     @BoundField(
203         formalName = "Remarks",
204         description = "Additional commentary about the containing object.",
205         useName = "remarks"
206     )
207     @BoundFieldValue(
208         typeAdapter = MarkupMultilineAdapter.class
209     )
210     private MarkupMultiline _remarks;
211 
212     public LocalDefinitions() {
213     }
214 
215     public List<LocalObjective> getObjectivesAndMethods() {
216       return _objectivesAndMethods;
217     }
218 
219     public void setObjectivesAndMethods(List<LocalObjective> value) {
220       _objectivesAndMethods = value;
221     }
222 
223     /**
224      * Add a new {@link LocalObjective} item to the underlying collection.
225      * @param item the item to add
226      * @return {@code true}
227      */
228     public boolean addObjectivesAndMethods(LocalObjective item) {
229       LocalObjective value = ObjectUtils.requireNonNull(item,"item cannot be null");
230       if (_objectivesAndMethods == null) {
231         _objectivesAndMethods = new LinkedList<>();
232       }
233       return _objectivesAndMethods.add(value);
234     }
235 
236     /**
237      * Remove the first matching {@link LocalObjective} item from the underlying collection.
238      * @param item the item to remove
239      * @return {@code true} if the item was removed or {@code false} otherwise
240      */
241     public boolean removeObjectivesAndMethods(LocalObjective item) {
242       LocalObjective value = ObjectUtils.requireNonNull(item,"item cannot be null");
243       return _objectivesAndMethods == null ? false : _objectivesAndMethods.remove(value);
244     }
245 
246     public List<Activity> getActivities() {
247       return _activities;
248     }
249 
250     public void setActivities(List<Activity> value) {
251       _activities = value;
252     }
253 
254     /**
255      * Add a new {@link Activity} item to the underlying collection.
256      * @param item the item to add
257      * @return {@code true}
258      */
259     public boolean addActivity(Activity item) {
260       Activity value = ObjectUtils.requireNonNull(item,"item cannot be null");
261       if (_activities == null) {
262         _activities = new LinkedList<>();
263       }
264       return _activities.add(value);
265     }
266 
267     /**
268      * Remove the first matching {@link Activity} item from the underlying collection.
269      * @param item the item to remove
270      * @return {@code true} if the item was removed or {@code false} otherwise
271      */
272     public boolean removeActivity(Activity item) {
273       Activity value = ObjectUtils.requireNonNull(item,"item cannot be null");
274       return _activities == null ? false : _activities.remove(value);
275     }
276 
277     public MarkupMultiline getRemarks() {
278       return _remarks;
279     }
280 
281     public void setRemarks(MarkupMultiline value) {
282       _remarks = value;
283     }
284 
285     @Override
286     public String toString() {
287       return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
288     }
289   }
290 }