1 package gov.nist.secauto.oscal.lib.model;
2
3 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
4 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
5 import gov.nist.secauto.metaschema.binding.model.annotations.AssemblyConstraints;
6 import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
7 import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
8 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
9 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
10 import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
11 import gov.nist.secauto.metaschema.binding.model.annotations.HasCardinality;
12 import gov.nist.secauto.metaschema.binding.model.annotations.IndexHasKey;
13 import gov.nist.secauto.metaschema.binding.model.annotations.IsUnique;
14 import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
15 import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
16 import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
17 import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
18 import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
19 import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
20 import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
21 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
22 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
23 import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
24 import java.lang.Override;
25 import java.lang.String;
26 import java.util.LinkedList;
27 import java.util.List;
28 import java.util.UUID;
29 import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
30 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
31
32
33
34
35 @MetaschemaAssembly(
36 formalName = "Control-based Requirement",
37 description = "Describes how the system satisfies the requirements of an individual control.",
38 name = "implemented-requirement",
39 metaschema = OscalSspMetaschema.class,
40 remarks = "Use of `set-parameter` in this context, sets the parameter for the referenced control. Any `set-parameter` defined in a child context will override this value. If not overridden by a child, this value applies in the child context."
41 )
42 @ValueConstraints(
43 allowedValues = {
44 @AllowedValues(level = IConstraint.Level.ERROR, target = "(.|statement|.//by-component)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "control-origination", description = "Identifies the source of the implemented control. Any `control-origination` prop defined in a child context will override the parent value.")),
45 @AllowedValues(level = IConstraint.Level.ERROR, target = "(.|statement|.//by-component)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='control-origination']/@value", values = {@AllowedValue(value = "organization", description = "The control is implemented by the organization owning the system, but is not specific to the system itself."), @AllowedValue(value = "system-specific", description = "The control is implemented specifically to this system."), @AllowedValue(value = "customer-configured", description = "The control is provided by the system, but must be configured by the customer."), @AllowedValue(value = "customer-provided", description = "The control must be implemented by the customer."), @AllowedValue(value = "inherited", description = "This control is inherited from an underlying system.")}),
46 @AllowedValues(level = IConstraint.Level.ERROR, target = "responsible-role/@role-id", allowOthers = true, values = {@AllowedValue(value = "asset-owner", description = "Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."), @AllowedValue(value = "asset-administrator", description = "Responsible for administering a set of assets."), @AllowedValue(value = "security-operations", description = "Members of the security operations center (SOC)."), @AllowedValue(value = "network-operations", description = "Members of the network operations center (NOC)."), @AllowedValue(value = "incident-response", description = "Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions."), @AllowedValue(value = "help-desk", description = "Responsible for providing information and support to users."), @AllowedValue(value = "configuration-management", description = "Responsible for the configuration management processes governing changes to the asset.")})
47 },
48 indexHasKey = {
49 @IndexHasKey(level = IConstraint.Level.ERROR, target = "responsible-role|statement/responsible-role|.//by-component//responsible-role", indexName = "index-metadata-role-id", keyFields = @KeyField(target = "@role-id")),
50 @IndexHasKey(level = IConstraint.Level.ERROR, target = "responsible-role|statement/responsible-role|.//by-component//responsible-role", indexName = "index-metadata-party-uuid", keyFields = @KeyField(target = "party-uuid"))
51 }
52 )
53 @AssemblyConstraints(
54 isUnique = {
55 @IsUnique(id = "unique-ssp-implemented-requirement-set-parameter", level = IConstraint.Level.ERROR, target = "set-parameter", keyFields = @KeyField(target = "@param-id"), remarks = "Since multiple `set-parameter` entries can be provided, each parameter must be set only once."),
56 @IsUnique(id = "unique-ssp-implemented-requirement-responsible-role", level = IConstraint.Level.ERROR, target = "responsible-role", keyFields = @KeyField(target = "@role-id"), remarks = "Since `responsible-role` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once."),
57 @IsUnique(id = "unique-ssp-implemented-requirement-statement", level = IConstraint.Level.ERROR, target = "statement", keyFields = @KeyField(target = "@statement-id"), remarks = "Since `statement` entries can be referenced using the statement's statement-id, each statement must be referenced only once."),
58 @IsUnique(id = "unique-ssp-implemented-requirement-by-component", level = IConstraint.Level.ERROR, target = "by-component", keyFields = @KeyField(target = "@component-uuid"), remarks = "Since `by-component` can reference `component` entries using the component's uuid, each component must be referenced only once. This ensures that all implementation statements are contained in the same `by-component` entry.")
59 },
60 hasCardinality = @HasCardinality(level = IConstraint.Level.ERROR, target = ".//by-component", minOccurs = 1)
61 )
62 public class ImplementedRequirement {
63 @BoundFlag(
64 formalName = "Control Requirement Universally Unique Identifier",
65 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this control requirement elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The locally defined *UUID* of the `control requirement` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
66 useName = "uuid",
67 required = true,
68 typeAdapter = UuidAdapter.class
69 )
70 private UUID _uuid;
71
72 @BoundFlag(
73 formalName = "Control Identifier Reference",
74 description = "A reference to a control with a corresponding `id` value. When referencing an externally defined `control`, the `Control Identifier Reference` must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).",
75 useName = "control-id",
76 required = true,
77 typeAdapter = TokenAdapter.class
78 )
79 private String _controlId;
80
81 @BoundAssembly(
82 formalName = "Property",
83 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
84 useName = "prop",
85 maxOccurs = -1
86 )
87 @GroupAs(
88 name = "props",
89 inJson = JsonGroupAsBehavior.LIST
90 )
91 private List<Property> _props;
92
93 @BoundAssembly(
94 formalName = "Link",
95 description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
96 useName = "link",
97 maxOccurs = -1
98 )
99 @GroupAs(
100 name = "links",
101 inJson = JsonGroupAsBehavior.LIST
102 )
103 private List<Link> _links;
104
105 @BoundAssembly(
106 formalName = "Set Parameter Value",
107 description = "Identifies the parameter that will be set by the enclosed value.",
108 useName = "set-parameter",
109 maxOccurs = -1
110 )
111 @GroupAs(
112 name = "set-parameters",
113 inJson = JsonGroupAsBehavior.LIST
114 )
115 private List<SetParameter> _setParameters;
116
117 @BoundAssembly(
118 formalName = "Responsible Role",
119 description = "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.",
120 useName = "responsible-role",
121 maxOccurs = -1
122 )
123 @GroupAs(
124 name = "responsible-roles",
125 inJson = JsonGroupAsBehavior.LIST
126 )
127 private List<ResponsibleRole> _responsibleRoles;
128
129 @BoundAssembly(
130 formalName = "Specific Control Statement",
131 description = "Identifies which statements within a control are addressed.",
132 useName = "statement",
133 maxOccurs = -1
134 )
135 @GroupAs(
136 name = "statements",
137 inJson = JsonGroupAsBehavior.LIST
138 )
139 private List<Statement> _statements;
140
141 @BoundAssembly(
142 formalName = "Component Control Implementation",
143 description = "Defines how the referenced component implements a set of controls.",
144 useName = "by-component",
145 maxOccurs = -1
146 )
147 @GroupAs(
148 name = "by-components",
149 inJson = JsonGroupAsBehavior.LIST
150 )
151 private List<ByComponent> _byComponents;
152
153 @BoundField(
154 formalName = "Remarks",
155 description = "Additional commentary about the containing object.",
156 useName = "remarks"
157 )
158 @BoundFieldValue(
159 typeAdapter = MarkupMultilineAdapter.class
160 )
161 private MarkupMultiline _remarks;
162
163 public ImplementedRequirement() {
164 }
165
166 public UUID getUuid() {
167 return _uuid;
168 }
169
170 public void setUuid(UUID value) {
171 _uuid = value;
172 }
173
174 public String getControlId() {
175 return _controlId;
176 }
177
178 public void setControlId(String value) {
179 _controlId = value;
180 }
181
182 public List<Property> getProps() {
183 return _props;
184 }
185
186 public void setProps(List<Property> value) {
187 _props = value;
188 }
189
190
191
192
193
194
195 public boolean addProp(Property item) {
196 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
197 if (_props == null) {
198 _props = new LinkedList<>();
199 }
200 return _props.add(value);
201 }
202
203
204
205
206
207
208 public boolean removeProp(Property item) {
209 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
210 return _props == null ? false : _props.remove(value);
211 }
212
213 public List<Link> getLinks() {
214 return _links;
215 }
216
217 public void setLinks(List<Link> value) {
218 _links = value;
219 }
220
221
222
223
224
225
226 public boolean addLink(Link item) {
227 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
228 if (_links == null) {
229 _links = new LinkedList<>();
230 }
231 return _links.add(value);
232 }
233
234
235
236
237
238
239 public boolean removeLink(Link item) {
240 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
241 return _links == null ? false : _links.remove(value);
242 }
243
244 public List<SetParameter> getSetParameters() {
245 return _setParameters;
246 }
247
248 public void setSetParameters(List<SetParameter> value) {
249 _setParameters = value;
250 }
251
252
253
254
255
256
257 public boolean addSetParameter(SetParameter item) {
258 SetParameter value = ObjectUtils.requireNonNull(item,"item cannot be null");
259 if (_setParameters == null) {
260 _setParameters = new LinkedList<>();
261 }
262 return _setParameters.add(value);
263 }
264
265
266
267
268
269
270 public boolean removeSetParameter(SetParameter item) {
271 SetParameter value = ObjectUtils.requireNonNull(item,"item cannot be null");
272 return _setParameters == null ? false : _setParameters.remove(value);
273 }
274
275 public List<ResponsibleRole> getResponsibleRoles() {
276 return _responsibleRoles;
277 }
278
279 public void setResponsibleRoles(List<ResponsibleRole> value) {
280 _responsibleRoles = value;
281 }
282
283
284
285
286
287
288 public boolean addResponsibleRole(ResponsibleRole item) {
289 ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null");
290 if (_responsibleRoles == null) {
291 _responsibleRoles = new LinkedList<>();
292 }
293 return _responsibleRoles.add(value);
294 }
295
296
297
298
299
300
301 public boolean removeResponsibleRole(ResponsibleRole item) {
302 ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null");
303 return _responsibleRoles == null ? false : _responsibleRoles.remove(value);
304 }
305
306 public List<Statement> getStatements() {
307 return _statements;
308 }
309
310 public void setStatements(List<Statement> value) {
311 _statements = value;
312 }
313
314
315
316
317
318
319 public boolean addStatement(Statement item) {
320 Statement value = ObjectUtils.requireNonNull(item,"item cannot be null");
321 if (_statements == null) {
322 _statements = new LinkedList<>();
323 }
324 return _statements.add(value);
325 }
326
327
328
329
330
331
332 public boolean removeStatement(Statement item) {
333 Statement value = ObjectUtils.requireNonNull(item,"item cannot be null");
334 return _statements == null ? false : _statements.remove(value);
335 }
336
337 public List<ByComponent> getByComponents() {
338 return _byComponents;
339 }
340
341 public void setByComponents(List<ByComponent> value) {
342 _byComponents = value;
343 }
344
345
346
347
348
349
350 public boolean addByComponent(ByComponent item) {
351 ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null");
352 if (_byComponents == null) {
353 _byComponents = new LinkedList<>();
354 }
355 return _byComponents.add(value);
356 }
357
358
359
360
361
362
363 public boolean removeByComponent(ByComponent item) {
364 ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null");
365 return _byComponents == null ? false : _byComponents.remove(value);
366 }
367
368 public MarkupMultiline getRemarks() {
369 return _remarks;
370 }
371
372 public void setRemarks(MarkupMultiline value) {
373 _remarks = value;
374 }
375
376 @Override
377 public String toString() {
378 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
379 }
380 }