View Javadoc
1   package gov.nist.secauto.oscal.lib.model;
2   
3   import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
4   import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
5   import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
6   import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
7   import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
8   import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
9   import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
10  import gov.nist.secauto.metaschema.binding.model.annotations.Matches;
11  import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
12  import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
13  import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
14  import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
15  import gov.nist.secauto.metaschema.model.common.datatype.adapter.DateTimeWithTZAdapter;
16  import gov.nist.secauto.metaschema.model.common.datatype.adapter.IntegerAdapter;
17  import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
18  import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
19  import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLine;
20  import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLineAdapter;
21  import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
22  import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
23  import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
24  import java.lang.Override;
25  import java.lang.String;
26  import java.time.ZonedDateTime;
27  import java.util.LinkedList;
28  import java.util.List;
29  import java.util.UUID;
30  import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
31  import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
32  
33  /**
34   * An identified risk.
35   */
36  @MetaschemaAssembly(
37      formalName = "Identified Risk",
38      description = "An identified risk.",
39      name = "risk",
40      metaschema = OscalAssessmentCommonMetaschema.class
41  )
42  @ValueConstraints(
43      allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = {@AllowedValue(value = "false-positive", description = "The risk has been confirmed to be a false positive."), @AllowedValue(value = "accepted", description = "The risk has been accepted. No further action will be taken."), @AllowedValue(value = "risk-adjusted", description = "The risk has been adjusted."), @AllowedValue(value = "priority", description = "A numeric value indicating the sequence in which risks should be addressed. (Lower numbers are higher priority)")}),
44      matches = @Matches(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='priority']/@value", typeAdapter = IntegerAdapter.class)
45  )
46  public class Risk {
47    @BoundFlag(
48        formalName = "Risk Universally Unique Identifier",
49        description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this risk elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `risk` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
50        useName = "uuid",
51        required = true,
52        typeAdapter = UuidAdapter.class
53    )
54    private UUID _uuid;
55  
56    /**
57     * "The title for this risk."
58     */
59    @BoundField(
60        formalName = "Risk Title",
61        description = "The title for this risk.",
62        useName = "title",
63        minOccurs = 1
64    )
65    @BoundFieldValue(
66        typeAdapter = MarkupLineAdapter.class
67    )
68    private MarkupLine _title;
69  
70    /**
71     * "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system."
72     */
73    @BoundField(
74        formalName = "Risk Description",
75        description = "A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.",
76        useName = "description",
77        minOccurs = 1
78    )
79    @BoundFieldValue(
80        typeAdapter = MarkupMultilineAdapter.class
81    )
82    private MarkupMultiline _description;
83  
84    /**
85     * "An summary of impact for how the risk affects the system."
86     */
87    @BoundField(
88        formalName = "Risk Statement",
89        description = "An summary of impact for how the risk affects the system.",
90        useName = "statement",
91        minOccurs = 1
92    )
93    @BoundFieldValue(
94        typeAdapter = MarkupMultilineAdapter.class
95    )
96    private MarkupMultiline _statement;
97  
98    @BoundAssembly(
99        formalName = "Property",
100       description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
101       useName = "prop",
102       maxOccurs = -1
103   )
104   @GroupAs(
105       name = "props",
106       inJson = JsonGroupAsBehavior.LIST
107   )
108   private List<Property> _props;
109 
110   @BoundAssembly(
111       formalName = "Link",
112       description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
113       useName = "link",
114       maxOccurs = -1
115   )
116   @GroupAs(
117       name = "links",
118       inJson = JsonGroupAsBehavior.LIST
119   )
120   private List<Link> _links;
121 
122   @BoundField(
123       formalName = "Risk Status",
124       description = "Describes the status of the associated risk.",
125       useName = "status",
126       minOccurs = 1
127   )
128   @BoundFieldValue(
129       typeAdapter = TokenAdapter.class
130   )
131   @ValueConstraints(
132       allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = {@AllowedValue(value = "open", description = "The risk has been identified."), @AllowedValue(value = "investigating", description = "The identified risk is being investigated. (Open risk)"), @AllowedValue(value = "remediating", description = "Remediation activities are underway, but are not yet complete. (Open risk)"), @AllowedValue(value = "deviation-requested", description = "A risk deviation, such as false positive, risk reduction, or operational requirement has been submitted for approval. (Open risk)"), @AllowedValue(value = "deviation-approved", description = "A risk deviation, such as false positive, risk reduction, or operational requirement has been approved. (Open risk)"), @AllowedValue(value = "closed", description = "The risk has been resolved.")})
133   )
134   private String _status;
135 
136   @BoundAssembly(
137       formalName = "Origin",
138       description = "Identifies the source of the finding, such as a tool, interviewed person, or activity.",
139       useName = "origin",
140       maxOccurs = -1,
141       remarks = "Used to identify the individual and/or tool that identified this risk."
142   )
143   @GroupAs(
144       name = "origins",
145       inJson = JsonGroupAsBehavior.LIST
146   )
147   private List<Origin> _origins;
148 
149   @BoundField(
150       formalName = "Threat ID",
151       description = "A pointer, by ID, to an externally-defined threat.",
152       useName = "threat-id",
153       maxOccurs = -1
154   )
155   @GroupAs(
156       name = "threat-ids",
157       inJson = JsonGroupAsBehavior.LIST
158   )
159   private List<ThreatId> _threatIds;
160 
161   @BoundAssembly(
162       formalName = "Characterization",
163       description = "A collection of descriptive data about the containing object from a specific origin.",
164       useName = "characterization",
165       maxOccurs = -1
166   )
167   @GroupAs(
168       name = "characterizations",
169       inJson = JsonGroupAsBehavior.LIST
170   )
171   private List<Characterization> _characterizations;
172 
173   /**
174    * "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP."
175    */
176   @BoundAssembly(
177       formalName = "Mitigating Factor",
178       description = "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.",
179       useName = "mitigating-factor",
180       maxOccurs = -1
181   )
182   @GroupAs(
183       name = "mitigating-factors",
184       inJson = JsonGroupAsBehavior.LIST
185   )
186   private List<MitigatingFactor> _mitigatingFactors;
187 
188   /**
189    * "The date/time by which the risk must be resolved."
190    */
191   @BoundField(
192       formalName = "Risk Resolution Deadline",
193       description = "The date/time by which the risk must be resolved.",
194       useName = "deadline"
195   )
196   @BoundFieldValue(
197       typeAdapter = DateTimeWithTZAdapter.class
198   )
199   private ZonedDateTime _deadline;
200 
201   @BoundAssembly(
202       formalName = "Risk Response",
203       description = "Describes either recommended or an actual plan for addressing the risk.",
204       useName = "response",
205       maxOccurs = -1
206   )
207   @GroupAs(
208       name = "remediations",
209       inJson = JsonGroupAsBehavior.LIST
210   )
211   private List<Response> _remediations;
212 
213   /**
214    * "A log of all risk-related tasks taken."
215    */
216   @BoundAssembly(
217       formalName = "Risk Log",
218       description = "A log of all risk-related tasks taken.",
219       useName = "risk-log"
220   )
221   private RiskLog _riskLog;
222 
223   /**
224    * "Relates the finding to a set of referenced observations that were used to determine the finding."
225    */
226   @BoundAssembly(
227       formalName = "Related Observation",
228       description = "Relates the finding to a set of referenced observations that were used to determine the finding.",
229       useName = "related-observation",
230       maxOccurs = -1
231   )
232   @GroupAs(
233       name = "related-observations",
234       inJson = JsonGroupAsBehavior.LIST
235   )
236   private List<RelatedObservation> _relatedObservations;
237 
238   public Risk() {
239   }
240 
241   public UUID getUuid() {
242     return _uuid;
243   }
244 
245   public void setUuid(UUID value) {
246     _uuid = value;
247   }
248 
249   public MarkupLine getTitle() {
250     return _title;
251   }
252 
253   public void setTitle(MarkupLine value) {
254     _title = value;
255   }
256 
257   public MarkupMultiline getDescription() {
258     return _description;
259   }
260 
261   public void setDescription(MarkupMultiline value) {
262     _description = value;
263   }
264 
265   public MarkupMultiline getStatement() {
266     return _statement;
267   }
268 
269   public void setStatement(MarkupMultiline value) {
270     _statement = value;
271   }
272 
273   public List<Property> getProps() {
274     return _props;
275   }
276 
277   public void setProps(List<Property> value) {
278     _props = value;
279   }
280 
281   /**
282    * Add a new {@link Property} item to the underlying collection.
283    * @param item the item to add
284    * @return {@code true}
285    */
286   public boolean addProp(Property item) {
287     Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
288     if (_props == null) {
289       _props = new LinkedList<>();
290     }
291     return _props.add(value);
292   }
293 
294   /**
295    * Remove the first matching {@link Property} item from the underlying collection.
296    * @param item the item to remove
297    * @return {@code true} if the item was removed or {@code false} otherwise
298    */
299   public boolean removeProp(Property item) {
300     Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
301     return _props == null ? false : _props.remove(value);
302   }
303 
304   public List<Link> getLinks() {
305     return _links;
306   }
307 
308   public void setLinks(List<Link> value) {
309     _links = value;
310   }
311 
312   /**
313    * Add a new {@link Link} item to the underlying collection.
314    * @param item the item to add
315    * @return {@code true}
316    */
317   public boolean addLink(Link item) {
318     Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
319     if (_links == null) {
320       _links = new LinkedList<>();
321     }
322     return _links.add(value);
323   }
324 
325   /**
326    * Remove the first matching {@link Link} item from the underlying collection.
327    * @param item the item to remove
328    * @return {@code true} if the item was removed or {@code false} otherwise
329    */
330   public boolean removeLink(Link item) {
331     Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
332     return _links == null ? false : _links.remove(value);
333   }
334 
335   public String getStatus() {
336     return _status;
337   }
338 
339   public void setStatus(String value) {
340     _status = value;
341   }
342 
343   public List<Origin> getOrigins() {
344     return _origins;
345   }
346 
347   public void setOrigins(List<Origin> value) {
348     _origins = value;
349   }
350 
351   /**
352    * Add a new {@link Origin} item to the underlying collection.
353    * @param item the item to add
354    * @return {@code true}
355    */
356   public boolean addOrigin(Origin item) {
357     Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
358     if (_origins == null) {
359       _origins = new LinkedList<>();
360     }
361     return _origins.add(value);
362   }
363 
364   /**
365    * Remove the first matching {@link Origin} item from the underlying collection.
366    * @param item the item to remove
367    * @return {@code true} if the item was removed or {@code false} otherwise
368    */
369   public boolean removeOrigin(Origin item) {
370     Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
371     return _origins == null ? false : _origins.remove(value);
372   }
373 
374   public List<ThreatId> getThreatIds() {
375     return _threatIds;
376   }
377 
378   public void setThreatIds(List<ThreatId> value) {
379     _threatIds = value;
380   }
381 
382   /**
383    * Add a new {@link ThreatId} item to the underlying collection.
384    * @param item the item to add
385    * @return {@code true}
386    */
387   public boolean addThreatId(ThreatId item) {
388     ThreatId value = ObjectUtils.requireNonNull(item,"item cannot be null");
389     if (_threatIds == null) {
390       _threatIds = new LinkedList<>();
391     }
392     return _threatIds.add(value);
393   }
394 
395   /**
396    * Remove the first matching {@link ThreatId} item from the underlying collection.
397    * @param item the item to remove
398    * @return {@code true} if the item was removed or {@code false} otherwise
399    */
400   public boolean removeThreatId(ThreatId item) {
401     ThreatId value = ObjectUtils.requireNonNull(item,"item cannot be null");
402     return _threatIds == null ? false : _threatIds.remove(value);
403   }
404 
405   public List<Characterization> getCharacterizations() {
406     return _characterizations;
407   }
408 
409   public void setCharacterizations(List<Characterization> value) {
410     _characterizations = value;
411   }
412 
413   /**
414    * Add a new {@link Characterization} item to the underlying collection.
415    * @param item the item to add
416    * @return {@code true}
417    */
418   public boolean addCharacterization(Characterization item) {
419     Characterization value = ObjectUtils.requireNonNull(item,"item cannot be null");
420     if (_characterizations == null) {
421       _characterizations = new LinkedList<>();
422     }
423     return _characterizations.add(value);
424   }
425 
426   /**
427    * Remove the first matching {@link Characterization} item from the underlying collection.
428    * @param item the item to remove
429    * @return {@code true} if the item was removed or {@code false} otherwise
430    */
431   public boolean removeCharacterization(Characterization item) {
432     Characterization value = ObjectUtils.requireNonNull(item,"item cannot be null");
433     return _characterizations == null ? false : _characterizations.remove(value);
434   }
435 
436   public List<MitigatingFactor> getMitigatingFactors() {
437     return _mitigatingFactors;
438   }
439 
440   public void setMitigatingFactors(List<MitigatingFactor> value) {
441     _mitigatingFactors = value;
442   }
443 
444   /**
445    * Add a new {@link MitigatingFactor} item to the underlying collection.
446    * @param item the item to add
447    * @return {@code true}
448    */
449   public boolean addMitigatingFactor(MitigatingFactor item) {
450     MitigatingFactor value = ObjectUtils.requireNonNull(item,"item cannot be null");
451     if (_mitigatingFactors == null) {
452       _mitigatingFactors = new LinkedList<>();
453     }
454     return _mitigatingFactors.add(value);
455   }
456 
457   /**
458    * Remove the first matching {@link MitigatingFactor} item from the underlying collection.
459    * @param item the item to remove
460    * @return {@code true} if the item was removed or {@code false} otherwise
461    */
462   public boolean removeMitigatingFactor(MitigatingFactor item) {
463     MitigatingFactor value = ObjectUtils.requireNonNull(item,"item cannot be null");
464     return _mitigatingFactors == null ? false : _mitigatingFactors.remove(value);
465   }
466 
467   public ZonedDateTime getDeadline() {
468     return _deadline;
469   }
470 
471   public void setDeadline(ZonedDateTime value) {
472     _deadline = value;
473   }
474 
475   public List<Response> getRemediations() {
476     return _remediations;
477   }
478 
479   public void setRemediations(List<Response> value) {
480     _remediations = value;
481   }
482 
483   /**
484    * Add a new {@link Response} item to the underlying collection.
485    * @param item the item to add
486    * @return {@code true}
487    */
488   public boolean addResponse(Response item) {
489     Response value = ObjectUtils.requireNonNull(item,"item cannot be null");
490     if (_remediations == null) {
491       _remediations = new LinkedList<>();
492     }
493     return _remediations.add(value);
494   }
495 
496   /**
497    * Remove the first matching {@link Response} item from the underlying collection.
498    * @param item the item to remove
499    * @return {@code true} if the item was removed or {@code false} otherwise
500    */
501   public boolean removeResponse(Response item) {
502     Response value = ObjectUtils.requireNonNull(item,"item cannot be null");
503     return _remediations == null ? false : _remediations.remove(value);
504   }
505 
506   public RiskLog getRiskLog() {
507     return _riskLog;
508   }
509 
510   public void setRiskLog(RiskLog value) {
511     _riskLog = value;
512   }
513 
514   public List<RelatedObservation> getRelatedObservations() {
515     return _relatedObservations;
516   }
517 
518   public void setRelatedObservations(List<RelatedObservation> value) {
519     _relatedObservations = value;
520   }
521 
522   /**
523    * Add a new {@link RelatedObservation} item to the underlying collection.
524    * @param item the item to add
525    * @return {@code true}
526    */
527   public boolean addRelatedObservation(RelatedObservation item) {
528     RelatedObservation value = ObjectUtils.requireNonNull(item,"item cannot be null");
529     if (_relatedObservations == null) {
530       _relatedObservations = new LinkedList<>();
531     }
532     return _relatedObservations.add(value);
533   }
534 
535   /**
536    * Remove the first matching {@link RelatedObservation} item from the underlying collection.
537    * @param item the item to remove
538    * @return {@code true} if the item was removed or {@code false} otherwise
539    */
540   public boolean removeRelatedObservation(RelatedObservation item) {
541     RelatedObservation value = ObjectUtils.requireNonNull(item,"item cannot be null");
542     return _relatedObservations == null ? false : _relatedObservations.remove(value);
543   }
544 
545   @Override
546   public String toString() {
547     return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
548   }
549 
550   /**
551    * Relates the finding to a set of referenced observations that were used to determine the finding.
552    */
553   @MetaschemaAssembly(
554       formalName = "Related Observation",
555       description = "Relates the finding to a set of referenced observations that were used to determine the finding.",
556       name = "related-observation",
557       metaschema = OscalAssessmentCommonMetaschema.class
558   )
559   public static class RelatedObservation {
560     @BoundFlag(
561         formalName = "Observation Universally Unique Identifier Reference",
562         description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented) identifier reference to an observation defined in the list of observations.",
563         useName = "observation-uuid",
564         required = true,
565         typeAdapter = UuidAdapter.class
566     )
567     private UUID _observationUuid;
568 
569     public RelatedObservation() {
570     }
571 
572     public UUID getObservationUuid() {
573       return _observationUuid;
574     }
575 
576     public void setObservationUuid(UUID value) {
577       _observationUuid = value;
578     }
579 
580     @Override
581     public String toString() {
582       return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
583     }
584   }
585 
586   /**
587    * A log of all risk-related tasks taken.
588    */
589   @MetaschemaAssembly(
590       formalName = "Risk Log",
591       description = "A log of all risk-related tasks taken.",
592       name = "risk-log",
593       metaschema = OscalAssessmentCommonMetaschema.class
594   )
595   public static class RiskLog {
596     /**
597      * "Identifies an individual risk response that occurred as part of managing an identified risk."
598      */
599     @BoundAssembly(
600         formalName = "Risk Log Entry",
601         description = "Identifies an individual risk response that occurred as part of managing an identified risk.",
602         useName = "entry",
603         minOccurs = 1,
604         maxOccurs = -1
605     )
606     @GroupAs(
607         name = "entries",
608         inJson = JsonGroupAsBehavior.LIST
609     )
610     private List<Entry> _entries;
611 
612     public RiskLog() {
613     }
614 
615     public List<Entry> getEntries() {
616       return _entries;
617     }
618 
619     public void setEntries(List<Entry> value) {
620       _entries = value;
621     }
622 
623     /**
624      * Add a new {@link Entry} item to the underlying collection.
625      * @param item the item to add
626      * @return {@code true}
627      */
628     public boolean addEntry(Entry item) {
629       Entry value = ObjectUtils.requireNonNull(item,"item cannot be null");
630       if (_entries == null) {
631         _entries = new LinkedList<>();
632       }
633       return _entries.add(value);
634     }
635 
636     /**
637      * Remove the first matching {@link Entry} item from the underlying collection.
638      * @param item the item to remove
639      * @return {@code true} if the item was removed or {@code false} otherwise
640      */
641     public boolean removeEntry(Entry item) {
642       Entry value = ObjectUtils.requireNonNull(item,"item cannot be null");
643       return _entries == null ? false : _entries.remove(value);
644     }
645 
646     @Override
647     public String toString() {
648       return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
649     }
650 
651     /**
652      * Identifies an individual risk response that occurred as part of managing an identified risk.
653      */
654     @MetaschemaAssembly(
655         formalName = "Risk Log Entry",
656         description = "Identifies an individual risk response that occurred as part of managing an identified risk.",
657         name = "entry",
658         metaschema = OscalAssessmentCommonMetaschema.class
659     )
660     @ValueConstraints(
661         allowedValues = {
662             @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "type", description = "The type of remediation tracking entry. Can be multi-valued.")),
663             @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value", allowOthers = true, values = {@AllowedValue(value = "vendor-check-in", description = "Contacted vendor to determine the status of a pending fix to a known vulnerability."), @AllowedValue(value = "status-update", description = "Information related to the current state of response to this risk."), @AllowedValue(value = "milestone-complete", description = "A significant step in the response plan has been achieved."), @AllowedValue(value = "mitigation", description = "An activity was completed that reduces the likelihood or impact of this risk."), @AllowedValue(value = "remediated", description = "An activity was completed that eliminates the likelihood or impact of this risk."), @AllowedValue(value = "closed", description = "The risk is no longer applicable to the system."), @AllowedValue(value = "dr-submission", description = "A deviation request was made to the authorizing official."), @AllowedValue(value = "dr-updated", description = "A previously submitted deviation request has been modified."), @AllowedValue(value = "dr-approved", description = "The authorizing official approved the deviation."), @AllowedValue(value = "dr-rejected", description = "The authorizing official rejected the deviation.")})
664         }
665     )
666     public static class Entry {
667       @BoundFlag(
668           formalName = "Risk Log Entry Universally Unique Identifier",
669           description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this risk log entry elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `risk log entry` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
670           useName = "uuid",
671           required = true,
672           typeAdapter = UuidAdapter.class
673       )
674       private UUID _uuid;
675 
676       /**
677        * "The title for this risk log entry."
678        */
679       @BoundField(
680           formalName = "Title",
681           description = "The title for this risk log entry.",
682           useName = "title"
683       )
684       @BoundFieldValue(
685           typeAdapter = MarkupLineAdapter.class
686       )
687       private MarkupLine _title;
688 
689       /**
690        * "A human-readable description of what was done regarding the risk."
691        */
692       @BoundField(
693           formalName = "Risk Task Description",
694           description = "A human-readable description of what was done regarding the risk.",
695           useName = "description"
696       )
697       @BoundFieldValue(
698           typeAdapter = MarkupMultilineAdapter.class
699       )
700       private MarkupMultiline _description;
701 
702       /**
703        * "Identifies the start date and time of the event."
704        */
705       @BoundField(
706           formalName = "Start",
707           description = "Identifies the start date and time of the event.",
708           useName = "start",
709           minOccurs = 1
710       )
711       @BoundFieldValue(
712           typeAdapter = DateTimeWithTZAdapter.class
713       )
714       private ZonedDateTime _start;
715 
716       /**
717        * "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time."
718        */
719       @BoundField(
720           formalName = "End",
721           description = "Identifies the end date and time of the event. If the event is a point in time, the start and end will be the same date and time.",
722           useName = "end"
723       )
724       @BoundFieldValue(
725           typeAdapter = DateTimeWithTZAdapter.class
726       )
727       private ZonedDateTime _end;
728 
729       @BoundAssembly(
730           formalName = "Property",
731           description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
732           useName = "prop",
733           maxOccurs = -1
734       )
735       @GroupAs(
736           name = "props",
737           inJson = JsonGroupAsBehavior.LIST
738       )
739       private List<Property> _props;
740 
741       @BoundAssembly(
742           formalName = "Link",
743           description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
744           useName = "link",
745           maxOccurs = -1
746       )
747       @GroupAs(
748           name = "links",
749           inJson = JsonGroupAsBehavior.LIST
750       )
751       private List<Link> _links;
752 
753       @BoundAssembly(
754           formalName = "Logged By",
755           description = "Used to indicate who created a log entry in what role.",
756           useName = "logged-by",
757           maxOccurs = -1
758       )
759       @GroupAs(
760           name = "logged-by",
761           inJson = JsonGroupAsBehavior.LIST
762       )
763       private List<LoggedBy> _loggedBy;
764 
765       @BoundField(
766           formalName = "Risk Status",
767           description = "Describes the status of the associated risk.",
768           useName = "status-change",
769           remarks = "Identifies a change in risk status made resulting from the task described by this risk log entry. This allows the risk's status history to be captured as a sequence of risk log entries."
770       )
771       @BoundFieldValue(
772           typeAdapter = TokenAdapter.class
773       )
774       @ValueConstraints(
775           allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = {@AllowedValue(value = "open", description = "The risk has been identified."), @AllowedValue(value = "investigating", description = "The identified risk is being investigated. (Open risk)"), @AllowedValue(value = "remediating", description = "Remediation activities are underway, but are not yet complete. (Open risk)"), @AllowedValue(value = "deviation-requested", description = "A risk deviation, such as false positive, risk reduction, or operational requirement has been submitted for approval. (Open risk)"), @AllowedValue(value = "deviation-approved", description = "A risk deviation, such as false positive, risk reduction, or operational requirement has been approved. (Open risk)"), @AllowedValue(value = "closed", description = "The risk has been resolved.")})
776       )
777       private String _statusChange;
778 
779       /**
780        * "Identifies an individual risk response that this log entry is for."
781        */
782       @BoundAssembly(
783           formalName = "Risk Response Reference",
784           description = "Identifies an individual risk response that this log entry is for.",
785           useName = "related-response",
786           maxOccurs = -1
787       )
788       @GroupAs(
789           name = "related-responses",
790           inJson = JsonGroupAsBehavior.LIST
791       )
792       private List<RelatedResponse> _relatedResponses;
793 
794       @BoundField(
795           formalName = "Remarks",
796           description = "Additional commentary about the containing object.",
797           useName = "remarks"
798       )
799       @BoundFieldValue(
800           typeAdapter = MarkupMultilineAdapter.class
801       )
802       private MarkupMultiline _remarks;
803 
804       public Entry() {
805       }
806 
807       public UUID getUuid() {
808         return _uuid;
809       }
810 
811       public void setUuid(UUID value) {
812         _uuid = value;
813       }
814 
815       public MarkupLine getTitle() {
816         return _title;
817       }
818 
819       public void setTitle(MarkupLine value) {
820         _title = value;
821       }
822 
823       public MarkupMultiline getDescription() {
824         return _description;
825       }
826 
827       public void setDescription(MarkupMultiline value) {
828         _description = value;
829       }
830 
831       public ZonedDateTime getStart() {
832         return _start;
833       }
834 
835       public void setStart(ZonedDateTime value) {
836         _start = value;
837       }
838 
839       public ZonedDateTime getEnd() {
840         return _end;
841       }
842 
843       public void setEnd(ZonedDateTime value) {
844         _end = value;
845       }
846 
847       public List<Property> getProps() {
848         return _props;
849       }
850 
851       public void setProps(List<Property> value) {
852         _props = value;
853       }
854 
855       /**
856        * Add a new {@link Property} item to the underlying collection.
857        * @param item the item to add
858        * @return {@code true}
859        */
860       public boolean addProp(Property item) {
861         Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
862         if (_props == null) {
863           _props = new LinkedList<>();
864         }
865         return _props.add(value);
866       }
867 
868       /**
869        * Remove the first matching {@link Property} item from the underlying collection.
870        * @param item the item to remove
871        * @return {@code true} if the item was removed or {@code false} otherwise
872        */
873       public boolean removeProp(Property item) {
874         Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
875         return _props == null ? false : _props.remove(value);
876       }
877 
878       public List<Link> getLinks() {
879         return _links;
880       }
881 
882       public void setLinks(List<Link> value) {
883         _links = value;
884       }
885 
886       /**
887        * Add a new {@link Link} item to the underlying collection.
888        * @param item the item to add
889        * @return {@code true}
890        */
891       public boolean addLink(Link item) {
892         Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
893         if (_links == null) {
894           _links = new LinkedList<>();
895         }
896         return _links.add(value);
897       }
898 
899       /**
900        * Remove the first matching {@link Link} item from the underlying collection.
901        * @param item the item to remove
902        * @return {@code true} if the item was removed or {@code false} otherwise
903        */
904       public boolean removeLink(Link item) {
905         Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
906         return _links == null ? false : _links.remove(value);
907       }
908 
909       public List<LoggedBy> getLoggedBy() {
910         return _loggedBy;
911       }
912 
913       public void setLoggedBy(List<LoggedBy> value) {
914         _loggedBy = value;
915       }
916 
917       /**
918        * Add a new {@link LoggedBy} item to the underlying collection.
919        * @param item the item to add
920        * @return {@code true}
921        */
922       public boolean addLoggedBy(LoggedBy item) {
923         LoggedBy value = ObjectUtils.requireNonNull(item,"item cannot be null");
924         if (_loggedBy == null) {
925           _loggedBy = new LinkedList<>();
926         }
927         return _loggedBy.add(value);
928       }
929 
930       /**
931        * Remove the first matching {@link LoggedBy} item from the underlying collection.
932        * @param item the item to remove
933        * @return {@code true} if the item was removed or {@code false} otherwise
934        */
935       public boolean removeLoggedBy(LoggedBy item) {
936         LoggedBy value = ObjectUtils.requireNonNull(item,"item cannot be null");
937         return _loggedBy == null ? false : _loggedBy.remove(value);
938       }
939 
940       public String getStatusChange() {
941         return _statusChange;
942       }
943 
944       public void setStatusChange(String value) {
945         _statusChange = value;
946       }
947 
948       public List<RelatedResponse> getRelatedResponses() {
949         return _relatedResponses;
950       }
951 
952       public void setRelatedResponses(List<RelatedResponse> value) {
953         _relatedResponses = value;
954       }
955 
956       /**
957        * Add a new {@link RelatedResponse} item to the underlying collection.
958        * @param item the item to add
959        * @return {@code true}
960        */
961       public boolean addRelatedResponse(RelatedResponse item) {
962         RelatedResponse value = ObjectUtils.requireNonNull(item,"item cannot be null");
963         if (_relatedResponses == null) {
964           _relatedResponses = new LinkedList<>();
965         }
966         return _relatedResponses.add(value);
967       }
968 
969       /**
970        * Remove the first matching {@link RelatedResponse} item from the underlying collection.
971        * @param item the item to remove
972        * @return {@code true} if the item was removed or {@code false} otherwise
973        */
974       public boolean removeRelatedResponse(RelatedResponse item) {
975         RelatedResponse value = ObjectUtils.requireNonNull(item,"item cannot be null");
976         return _relatedResponses == null ? false : _relatedResponses.remove(value);
977       }
978 
979       public MarkupMultiline getRemarks() {
980         return _remarks;
981       }
982 
983       public void setRemarks(MarkupMultiline value) {
984         _remarks = value;
985       }
986 
987       @Override
988       public String toString() {
989         return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
990       }
991 
992       /**
993        * Identifies an individual risk response that this log entry is for.
994        */
995       @MetaschemaAssembly(
996           formalName = "Risk Response Reference",
997           description = "Identifies an individual risk response that this log entry is for.",
998           name = "related-response",
999           metaschema = OscalAssessmentCommonMetaschema.class
1000       )
1001       public static class RelatedResponse {
1002         @BoundFlag(
1003             formalName = "Response Universally Unique Identifier Reference",
1004             description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented) identifier reference to a unique risk response.",
1005             useName = "response-uuid",
1006             required = true,
1007             typeAdapter = UuidAdapter.class
1008         )
1009         private UUID _responseUuid;
1010 
1011         @BoundAssembly(
1012             formalName = "Property",
1013             description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
1014             useName = "prop",
1015             maxOccurs = -1
1016         )
1017         @GroupAs(
1018             name = "props",
1019             inJson = JsonGroupAsBehavior.LIST
1020         )
1021         private List<Property> _props;
1022 
1023         @BoundAssembly(
1024             formalName = "Link",
1025             description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
1026             useName = "link",
1027             maxOccurs = -1
1028         )
1029         @GroupAs(
1030             name = "links",
1031             inJson = JsonGroupAsBehavior.LIST
1032         )
1033         private List<Link> _links;
1034 
1035         @BoundAssembly(
1036             formalName = "Task Reference",
1037             description = "Identifies an individual task for which the containing object is a consequence of.",
1038             useName = "related-task",
1039             maxOccurs = -1,
1040             remarks = "This is used to identify the task(s) that this log entry was generated for."
1041         )
1042         @GroupAs(
1043             name = "related-tasks",
1044             inJson = JsonGroupAsBehavior.LIST
1045         )
1046         private List<RelatedTask> _relatedTasks;
1047 
1048         @BoundField(
1049             formalName = "Remarks",
1050             description = "Additional commentary about the containing object.",
1051             useName = "remarks"
1052         )
1053         @BoundFieldValue(
1054             typeAdapter = MarkupMultilineAdapter.class
1055         )
1056         private MarkupMultiline _remarks;
1057 
1058         public RelatedResponse() {
1059         }
1060 
1061         public UUID getResponseUuid() {
1062           return _responseUuid;
1063         }
1064 
1065         public void setResponseUuid(UUID value) {
1066           _responseUuid = value;
1067         }
1068 
1069         public List<Property> getProps() {
1070           return _props;
1071         }
1072 
1073         public void setProps(List<Property> value) {
1074           _props = value;
1075         }
1076 
1077         /**
1078          * Add a new {@link Property} item to the underlying collection.
1079          * @param item the item to add
1080          * @return {@code true}
1081          */
1082         public boolean addProp(Property item) {
1083           Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
1084           if (_props == null) {
1085             _props = new LinkedList<>();
1086           }
1087           return _props.add(value);
1088         }
1089 
1090         /**
1091          * Remove the first matching {@link Property} item from the underlying collection.
1092          * @param item the item to remove
1093          * @return {@code true} if the item was removed or {@code false} otherwise
1094          */
1095         public boolean removeProp(Property item) {
1096           Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
1097           return _props == null ? false : _props.remove(value);
1098         }
1099 
1100         public List<Link> getLinks() {
1101           return _links;
1102         }
1103 
1104         public void setLinks(List<Link> value) {
1105           _links = value;
1106         }
1107 
1108         /**
1109          * Add a new {@link Link} item to the underlying collection.
1110          * @param item the item to add
1111          * @return {@code true}
1112          */
1113         public boolean addLink(Link item) {
1114           Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
1115           if (_links == null) {
1116             _links = new LinkedList<>();
1117           }
1118           return _links.add(value);
1119         }
1120 
1121         /**
1122          * Remove the first matching {@link Link} item from the underlying collection.
1123          * @param item the item to remove
1124          * @return {@code true} if the item was removed or {@code false} otherwise
1125          */
1126         public boolean removeLink(Link item) {
1127           Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
1128           return _links == null ? false : _links.remove(value);
1129         }
1130 
1131         public List<RelatedTask> getRelatedTasks() {
1132           return _relatedTasks;
1133         }
1134 
1135         public void setRelatedTasks(List<RelatedTask> value) {
1136           _relatedTasks = value;
1137         }
1138 
1139         /**
1140          * Add a new {@link RelatedTask} item to the underlying collection.
1141          * @param item the item to add
1142          * @return {@code true}
1143          */
1144         public boolean addRelatedTask(RelatedTask item) {
1145           RelatedTask value = ObjectUtils.requireNonNull(item,"item cannot be null");
1146           if (_relatedTasks == null) {
1147             _relatedTasks = new LinkedList<>();
1148           }
1149           return _relatedTasks.add(value);
1150         }
1151 
1152         /**
1153          * Remove the first matching {@link RelatedTask} item from the underlying collection.
1154          * @param item the item to remove
1155          * @return {@code true} if the item was removed or {@code false} otherwise
1156          */
1157         public boolean removeRelatedTask(RelatedTask item) {
1158           RelatedTask value = ObjectUtils.requireNonNull(item,"item cannot be null");
1159           return _relatedTasks == null ? false : _relatedTasks.remove(value);
1160         }
1161 
1162         public MarkupMultiline getRemarks() {
1163           return _remarks;
1164         }
1165 
1166         public void setRemarks(MarkupMultiline value) {
1167           _remarks = value;
1168         }
1169 
1170         @Override
1171         public String toString() {
1172           return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
1173         }
1174       }
1175     }
1176   }
1177 
1178   /**
1179    * Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.
1180    */
1181   @MetaschemaAssembly(
1182       formalName = "Mitigating Factor",
1183       description = "Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.",
1184       name = "mitigating-factor",
1185       metaschema = OscalAssessmentCommonMetaschema.class
1186   )
1187   public static class MitigatingFactor {
1188     @BoundFlag(
1189         formalName = "Mitigating Factor Universally Unique Identifier",
1190         description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this mitigating factor elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `mitigating factor` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
1191         useName = "uuid",
1192         required = true,
1193         typeAdapter = UuidAdapter.class
1194     )
1195     private UUID _uuid;
1196 
1197     @BoundFlag(
1198         formalName = "Implementation UUID",
1199         description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this implementation statement elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope)s. The locally defined *UUID* of the `implementation statement` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
1200         useName = "implementation-uuid",
1201         typeAdapter = UuidAdapter.class
1202     )
1203     private UUID _implementationUuid;
1204 
1205     /**
1206      * "A human-readable description of this mitigating factor."
1207      */
1208     @BoundField(
1209         formalName = "Mitigating Factor Description",
1210         description = "A human-readable description of this mitigating factor.",
1211         useName = "description",
1212         minOccurs = 1
1213     )
1214     @BoundFieldValue(
1215         typeAdapter = MarkupMultilineAdapter.class
1216     )
1217     private MarkupMultiline _description;
1218 
1219     @BoundAssembly(
1220         formalName = "Property",
1221         description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
1222         useName = "prop",
1223         maxOccurs = -1
1224     )
1225     @GroupAs(
1226         name = "props",
1227         inJson = JsonGroupAsBehavior.LIST
1228     )
1229     private List<Property> _props;
1230 
1231     @BoundAssembly(
1232         formalName = "Link",
1233         description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
1234         useName = "link",
1235         maxOccurs = -1
1236     )
1237     @GroupAs(
1238         name = "links",
1239         inJson = JsonGroupAsBehavior.LIST
1240     )
1241     private List<Link> _links;
1242 
1243     @BoundAssembly(
1244         formalName = "Identifies the Subject",
1245         description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented) identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.",
1246         useName = "subject",
1247         maxOccurs = -1,
1248         remarks = "Links identifiable elements of the system to this mitigating factor, such as an inventory-item or component."
1249     )
1250     @GroupAs(
1251         name = "subjects",
1252         inJson = JsonGroupAsBehavior.LIST
1253     )
1254     private List<SubjectReference> _subjects;
1255 
1256     public MitigatingFactor() {
1257     }
1258 
1259     public UUID getUuid() {
1260       return _uuid;
1261     }
1262 
1263     public void setUuid(UUID value) {
1264       _uuid = value;
1265     }
1266 
1267     public UUID getImplementationUuid() {
1268       return _implementationUuid;
1269     }
1270 
1271     public void setImplementationUuid(UUID value) {
1272       _implementationUuid = value;
1273     }
1274 
1275     public MarkupMultiline getDescription() {
1276       return _description;
1277     }
1278 
1279     public void setDescription(MarkupMultiline value) {
1280       _description = value;
1281     }
1282 
1283     public List<Property> getProps() {
1284       return _props;
1285     }
1286 
1287     public void setProps(List<Property> value) {
1288       _props = value;
1289     }
1290 
1291     /**
1292      * Add a new {@link Property} item to the underlying collection.
1293      * @param item the item to add
1294      * @return {@code true}
1295      */
1296     public boolean addProp(Property item) {
1297       Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
1298       if (_props == null) {
1299         _props = new LinkedList<>();
1300       }
1301       return _props.add(value);
1302     }
1303 
1304     /**
1305      * Remove the first matching {@link Property} item from the underlying collection.
1306      * @param item the item to remove
1307      * @return {@code true} if the item was removed or {@code false} otherwise
1308      */
1309     public boolean removeProp(Property item) {
1310       Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
1311       return _props == null ? false : _props.remove(value);
1312     }
1313 
1314     public List<Link> getLinks() {
1315       return _links;
1316     }
1317 
1318     public void setLinks(List<Link> value) {
1319       _links = value;
1320     }
1321 
1322     /**
1323      * Add a new {@link Link} item to the underlying collection.
1324      * @param item the item to add
1325      * @return {@code true}
1326      */
1327     public boolean addLink(Link item) {
1328       Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
1329       if (_links == null) {
1330         _links = new LinkedList<>();
1331       }
1332       return _links.add(value);
1333     }
1334 
1335     /**
1336      * Remove the first matching {@link Link} item from the underlying collection.
1337      * @param item the item to remove
1338      * @return {@code true} if the item was removed or {@code false} otherwise
1339      */
1340     public boolean removeLink(Link item) {
1341       Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
1342       return _links == null ? false : _links.remove(value);
1343     }
1344 
1345     public List<SubjectReference> getSubjects() {
1346       return _subjects;
1347     }
1348 
1349     public void setSubjects(List<SubjectReference> value) {
1350       _subjects = value;
1351     }
1352 
1353     /**
1354      * Add a new {@link SubjectReference} item to the underlying collection.
1355      * @param item the item to add
1356      * @return {@code true}
1357      */
1358     public boolean addSubject(SubjectReference item) {
1359       SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
1360       if (_subjects == null) {
1361         _subjects = new LinkedList<>();
1362       }
1363       return _subjects.add(value);
1364     }
1365 
1366     /**
1367      * Remove the first matching {@link SubjectReference} item from the underlying collection.
1368      * @param item the item to remove
1369      * @return {@code true} if the item was removed or {@code false} otherwise
1370      */
1371     public boolean removeSubject(SubjectReference item) {
1372       SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
1373       return _subjects == null ? false : _subjects.remove(value);
1374     }
1375 
1376     @Override
1377     public String toString() {
1378       return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
1379     }
1380   }
1381 }