1 package gov.nist.secauto.oscal.lib.model;
2
3 import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
4 import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
5 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
6 import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
7 import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
8 import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
9 import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
10 import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
11 import java.lang.Override;
12 import java.lang.String;
13 import java.util.LinkedList;
14 import java.util.List;
15 import java.util.UUID;
16 import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
17 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
18
19
20
21
/**
 * Bound model object for the OSCAL {@code plan-of-action-and-milestones} root assembly.
 *
 * <p>The class is a plain mutable holder: each bound field has a getter and a setter, and each
 * repeatable assembly additionally has {@code add...}/{@code remove...} helpers.
 *
 * <p>Review notes for callers:
 * <ul>
 * <li>Nothing in this class enforces the constraints declared in the annotations
 * ({@code required = true} on the UUID, {@code minOccurs = 1} on metadata and POA&amp;M items, or
 * the "import-ssp or system-id" remark). Setters accept {@code null}. Whether the binding layer
 * checks these on load is not visible from this file, so validate instances built from documents
 * you did not author before relying on those fields.</li>
 * <li>List getters hand out the internal list reference, and list setters store the caller's
 * reference without copying; a later change through either reference changes this object.</li>
 * <li>No synchronization is performed; the lazily created lists are not safe to populate from
 * several threads without external coordination.</li>
 * <li>{@link #toString()} renders the object graph reflectively, so its output carries the risk
 * and finding content of the document.</li>
 * </ul>
 */
@MetaschemaAssembly(
    formalName = "Plan of Action and Milestones (POA&M)",
    description = "A plan of action and milestones which identifies initial and residual risks, deviations, and disposition, such as those required by FedRAMP.",
    name = "plan-of-action-and-milestones",
    metaschema = OscalPoamMetaschema.class,
    rootName = "plan-of-action-and-milestones",
    remarks = "Either an OSCAL-based SSP must be imported, or a unique system-id must be specified. Both may be present."
)
public class PlanOfActionAndMilestones extends AbstractOscalInstance {
  // Document-level identifier; declared required, but null until a value is assigned.
  @BoundFlag(
      formalName = "POA&M Universally Unique Identifier",
      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#instance)scope that can be used to reference this POA\\&M instance in [this OSCAL instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#poam-identifiers). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
      useName = "uuid",
      required = true,
      typeAdapter = UuidAdapter.class
  )
  private UUID _uuid;

  // Declared with minOccurs = 1; this class itself does not reject a missing value.
  @BoundAssembly(
      formalName = "Document Metadata",
      description = "Provides information about the containing document, and defines concepts that are shared across the document.",
      useName = "metadata",
      minOccurs = 1
  )
  private Metadata _metadata;

  // Optional reference to an imported SSP (see the class-level remarks about system-id).
  @BoundAssembly(
      formalName = "Import System Security Plan",
      description = "Used by the assessment plan and POA\\&M to import information about the system.",
      useName = "import-ssp",
      remarks = "Used by the POA\\&M to import information about the system."
  )
  private ImportSsp _importSsp;

  // Optional system identifier; the alternative to import-ssp named in the class remarks.
  @BoundField(
      formalName = "System Identification",
      description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this system identification property elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). When referencing an externally defined `system identification`, the `system identification` must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same system across revisions of the document.",
      useName = "system-id"
  )
  private SystemId _systemId;

  @BoundAssembly(
      formalName = "Local Definitions",
      description = "Allows components, and inventory-items to be defined within the POA\\&M for circumstances where no OSCAL-based SSP exists, or is not delivered with the POA\\&M.",
      useName = "local-definitions"
  )
  private LocalDefinitions _localDefinitions;

  // Repeatable; stays null until set or until the first addObservation call.
  @BoundAssembly(
      formalName = "Observation",
      description = "Describes an individual observation.",
      useName = "observation",
      maxOccurs = -1
  )
  @GroupAs(
      name = "observations",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Observation> _observations;

  // Repeatable; stays null until set or until the first addRisk call.
  @BoundAssembly(
      formalName = "Identified Risk",
      description = "An identified risk.",
      useName = "risk",
      maxOccurs = -1
  )
  @GroupAs(
      name = "risks",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Risk> _risks;

  // Repeatable; stays null until set or until the first addFinding call.
  @BoundAssembly(
      formalName = "Finding",
      description = "Describes an individual finding.",
      useName = "finding",
      maxOccurs = -1
  )
  @GroupAs(
      name = "findings",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Finding> _findings;

  // Declared with minOccurs = 1, yet null until set or until the first addPoamItem call.
  @BoundAssembly(
      formalName = "POA&M Item",
      description = "Describes an individual POA\\&M item.",
      useName = "poam-item",
      minOccurs = 1,
      maxOccurs = -1
  )
  @GroupAs(
      name = "poam-items",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<PoamItem> _poamItems;

  @BoundAssembly(
      formalName = "Back matter",
      description = "A collection of resources that may be referenced from within the OSCAL document instance.",
      useName = "back-matter"
  )
  private BackMatter _backMatter;

  /**
   * Creates an empty instance; every bound field starts out {@code null}.
   */
  public PlanOfActionAndMilestones() {
  }

  /**
   * Returns the POA&amp;M UUID.
   *
   * @return the stored UUID, or {@code null} if none has been assigned
   */
  public UUID getUuid() {
    return this._uuid;
  }

  /**
   * Assigns the POA&amp;M UUID. The value is stored as given; {@code null} is not rejected here.
   *
   * @param value the UUID to store
   */
  public void setUuid(UUID value) {
    this._uuid = value;
  }

  /**
   * Returns the document metadata.
   *
   * @return the stored metadata, or {@code null} if none has been assigned
   */
  public Metadata getMetadata() {
    return this._metadata;
  }

  /**
   * Assigns the document metadata. The value is stored as given; {@code null} is not rejected
   * here.
   *
   * @param value the metadata to store
   */
  public void setMetadata(Metadata value) {
    this._metadata = value;
  }

  /**
   * Returns the imported system security plan reference.
   *
   * @return the stored import, or {@code null} if none has been assigned
   */
  public ImportSsp getImportSsp() {
    return this._importSsp;
  }

  /**
   * Assigns the imported system security plan reference.
   *
   * @param value the import to store
   */
  public void setImportSsp(ImportSsp value) {
    this._importSsp = value;
  }

  /**
   * Returns the system identification.
   *
   * @return the stored system id, or {@code null} if none has been assigned
   */
  public SystemId getSystemId() {
    return this._systemId;
  }

  /**
   * Assigns the system identification.
   *
   * @param value the system id to store
   */
  public void setSystemId(SystemId value) {
    this._systemId = value;
  }

  /**
   * Returns the local definitions.
   *
   * @return the stored local definitions, or {@code null} if none have been assigned
   */
  public LocalDefinitions getLocalDefinitions() {
    return this._localDefinitions;
  }

  /**
   * Assigns the local definitions.
   *
   * @param value the local definitions to store
   */
  public void setLocalDefinitions(LocalDefinitions value) {
    this._localDefinitions = value;
  }

  /**
   * Returns the observation list.
   *
   * @return the internal list itself (not a copy), or {@code null} if it was never created
   */
  public List<Observation> getObservations() {
    return this._observations;
  }

  /**
   * Replaces the observation list. The caller's list is stored by reference, not copied.
   *
   * @param value the list to store
   */
  public void setObservations(List<Observation> value) {
    this._observations = value;
  }

  /**
   * Appends an observation, creating a {@link LinkedList} first when no list exists yet.
   *
   * <p>A {@code null} item is handed to {@code ObjectUtils.requireNonNull} with the message
   * "item cannot be null" before the list is touched.
   *
   * @param item the observation to append
   * @return the result of {@link List#add(Object)} on the backing list
   */
  public boolean addObservation(Observation item) {
    Observation checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<Observation> target = _observations;
    if (target == null) {
      target = new LinkedList<>();
      _observations = target;
    }
    return target.add(checked);
  }

  /**
   * Removes an observation from the list, if a list exists.
   *
   * <p>A {@code null} item is handed to {@code ObjectUtils.requireNonNull} with the message
   * "item cannot be null" even when there is no list.
   *
   * @param item the observation to remove
   * @return {@code false} when no list exists, otherwise the result of
   *     {@link List#remove(Object)}
   */
  public boolean removeObservation(Observation item) {
    Observation checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    return _observations != null && _observations.remove(checked);
  }

  /**
   * Returns the risk list.
   *
   * @return the internal list itself (not a copy), or {@code null} if it was never created
   */
  public List<Risk> getRisks() {
    return this._risks;
  }

  /**
   * Replaces the risk list. The caller's list is stored by reference, not copied.
   *
   * @param value the list to store
   */
  public void setRisks(List<Risk> value) {
    this._risks = value;
  }

  /**
   * Appends a risk, creating a {@link LinkedList} first when no list exists yet.
   *
   * <p>A {@code null} item is handed to {@code ObjectUtils.requireNonNull} with the message
   * "item cannot be null" before the list is touched.
   *
   * @param item the risk to append
   * @return the result of {@link List#add(Object)} on the backing list
   */
  public boolean addRisk(Risk item) {
    Risk checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<Risk> target = _risks;
    if (target == null) {
      target = new LinkedList<>();
      _risks = target;
    }
    return target.add(checked);
  }

  /**
   * Removes a risk from the list, if a list exists.
   *
   * <p>A {@code null} item is handed to {@code ObjectUtils.requireNonNull} with the message
   * "item cannot be null" even when there is no list.
   *
   * @param item the risk to remove
   * @return {@code false} when no list exists, otherwise the result of
   *     {@link List#remove(Object)}
   */
  public boolean removeRisk(Risk item) {
    Risk checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    return _risks != null && _risks.remove(checked);
  }

  /**
   * Returns the finding list.
   *
   * @return the internal list itself (not a copy), or {@code null} if it was never created
   */
  public List<Finding> getFindings() {
    return this._findings;
  }

  /**
   * Replaces the finding list. The caller's list is stored by reference, not copied.
   *
   * @param value the list to store
   */
  public void setFindings(List<Finding> value) {
    this._findings = value;
  }

  /**
   * Appends a finding, creating a {@link LinkedList} first when no list exists yet.
   *
   * <p>A {@code null} item is handed to {@code ObjectUtils.requireNonNull} with the message
   * "item cannot be null" before the list is touched.
   *
   * @param item the finding to append
   * @return the result of {@link List#add(Object)} on the backing list
   */
  public boolean addFinding(Finding item) {
    Finding checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<Finding> target = _findings;
    if (target == null) {
      target = new LinkedList<>();
      _findings = target;
    }
    return target.add(checked);
  }

  /**
   * Removes a finding from the list, if a list exists.
   *
   * <p>A {@code null} item is handed to {@code ObjectUtils.requireNonNull} with the message
   * "item cannot be null" even when there is no list.
   *
   * @param item the finding to remove
   * @return {@code false} when no list exists, otherwise the result of
   *     {@link List#remove(Object)}
   */
  public boolean removeFinding(Finding item) {
    Finding checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    return _findings != null && _findings.remove(checked);
  }

  /**
   * Returns the POA&amp;M item list.
   *
   * @return the internal list itself (not a copy), or {@code null} if it was never created
   */
  public List<PoamItem> getPoamItems() {
    return this._poamItems;
  }

  /**
   * Replaces the POA&amp;M item list. The caller's list is stored by reference, not copied, and
   * neither {@code null} nor an empty list is rejected here despite {@code minOccurs = 1}.
   *
   * @param value the list to store
   */
  public void setPoamItems(List<PoamItem> value) {
    this._poamItems = value;
  }

  /**
   * Appends a POA&amp;M item, creating a {@link LinkedList} first when no list exists yet.
   *
   * <p>A {@code null} item is handed to {@code ObjectUtils.requireNonNull} with the message
   * "item cannot be null" before the list is touched.
   *
   * @param item the POA&amp;M item to append
   * @return the result of {@link List#add(Object)} on the backing list
   */
  public boolean addPoamItem(PoamItem item) {
    PoamItem checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    List<PoamItem> target = _poamItems;
    if (target == null) {
      target = new LinkedList<>();
      _poamItems = target;
    }
    return target.add(checked);
  }

  /**
   * Removes a POA&amp;M item from the list, if a list exists.
   *
   * <p>A {@code null} item is handed to {@code ObjectUtils.requireNonNull} with the message
   * "item cannot be null" even when there is no list.
   *
   * @param item the POA&amp;M item to remove
   * @return {@code false} when no list exists, otherwise the result of
   *     {@link List#remove(Object)}
   */
  public boolean removePoamItem(PoamItem item) {
    PoamItem checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    return _poamItems != null && _poamItems.remove(checked);
  }

  /**
   * Returns the back matter.
   *
   * @return the stored back matter, or {@code null} if none has been assigned
   */
  public BackMatter getBackMatter() {
    return this._backMatter;
  }

  /**
   * Assigns the back matter.
   *
   * @param value the back matter to store
   */
  public void setBackMatter(BackMatter value) {
    this._backMatter = value;
  }

  /**
   * Renders this instance reflectively in the multi-line recursive style.
   *
   * <p>Because the builder reads fields by reflection and the style descends into nested
   * objects, the returned text contains the document's content (observations, risks, findings,
   * POA&amp;M items, back matter) rather than a short identifier. Handle the string with the same
   * care as the POA&amp;M itself; where only identification is needed in logs or error messages,
   * {@link #getUuid()} is the narrower choice.
   *
   * @return the reflective string rendering of this object
   */
  @Override
  public String toString() {
    ReflectionToStringBuilder builder =
        new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE);
    return builder.toString();
  }
}