1 package gov.nist.secauto.oscal.lib.model;
2
3 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
4 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
5 import gov.nist.secauto.metaschema.binding.model.annotations.AssemblyConstraints;
6 import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
7 import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
8 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
9 import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
10 import gov.nist.secauto.metaschema.binding.model.annotations.IsUnique;
11 import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
12 import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
13 import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
14 import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
15 import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
16 import gov.nist.secauto.metaschema.model.common.datatype.adapter.DateAdapter;
17 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
18 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
19 import gov.nist.secauto.metaschema.model.common.datatype.object.Date;
20 import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
21 import java.lang.Override;
22 import java.lang.String;
23 import java.util.LinkedList;
24 import java.util.List;
25 import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
26 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
27
28
29
30
/**
 * Java binding for the OSCAL SSP {@code system-characteristics} assembly.
 *
 * <p>This class is a plain mutable holder. Every setter stores the reference it is given and
 * every getter hands back the stored reference, so list getters expose the live internal list
 * and may return {@code null} when nothing has been set or added.
 *
 * <p>None of the constraints declared in the annotations below are checked by the accessors in
 * this class. Presumably they are evaluated by the Metaschema binding/validation layer (confirm
 * against the caller); code that loads an SSP from an untrusted or third-party source should run
 * that validation before relying on any value read from this object.
 *
 * <p>Fields marked {@code minOccurs = 1} are required by the model, but the no-argument
 * constructor leaves them {@code null}.
 */
@MetaschemaAssembly(
    formalName = "System Characteristics",
    description = "Contains the characteristics of the system, such as its name, purpose, and security impact level.",
    name = "system-characteristics",
    metaschema = OscalSspMetaschema.class
)
@ValueConstraints(
    allowedValues = {
        // NOTE(review): this constraint and the cloud-* one further down share the same target
        // path with disjoint value lists and no allowOthers; confirm the validator combines them
        // rather than applying each list on its own.
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name",
            values = {
                @AllowedValue(value = "identity-assurance-level", description = "A value of 1, 2, or 3 as defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3)."),
                @AllowedValue(value = "authenticator-assurance-level", description = "A value of 1, 2, or 3 as defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3)."),
                @AllowedValue(value = "federation-assurance-level", description = "A value of 1, 2, or 3 as defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3).")
            }),
        // NOTE(review): unlike the other @value constraints here, this target carries no
        // has-oscal-namespace() filter, so it appears to match same-named props in any
        // namespace; confirm that is intended in the upstream model.
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "prop[@name=('identity-assurance-level','authenticator-assurance-level','federation-assurance-level')]/@value",
            values = {
                @AllowedValue(value = "1", description = "As defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3)."),
                @AllowedValue(value = "2", description = "As defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3)."),
                @AllowedValue(value = "3", description = "As defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3).")
            }),
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name",
            values = {
                @AllowedValue(value = "cloud-deployment-model", description = "The associated value is one of: public-cloud, private-cloud, community-cloud, government-only-cloud, hybrid-cloud, or other."),
                @AllowedValue(value = "cloud-service-model", description = "The associated value is one of: saas, paas, iaas, or other.")
            }),
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='cloud-deployment-model']/@value",
            values = {
                @AllowedValue(value = "public-cloud", description = "The public cloud deployment model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."),
                @AllowedValue(value = "private-cloud", description = "The private cloud deployment model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."),
                @AllowedValue(value = "community-cloud", description = "The community cloud deployment model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."),
                @AllowedValue(value = "hybrid-cloud", description = "The hybrid cloud deployment model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."),
                @AllowedValue(value = "government-only-cloud", description = "A specific type of community-cloud for use only by government services."),
                @AllowedValue(value = "other", description = "Any other type of cloud deployment model that is exclusive to the other choices.")
            },
            remarks = "The hybrid cloud deployment model, as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145), can be supported by selecting two or more of the existing deployment models."),
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='cloud-service-model']/@value",
            values = {
                @AllowedValue(value = "saas", description = "Software as a service (SaaS) cloud service model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."),
                @AllowedValue(value = "paas", description = "Platform as a service (PaaS) cloud service model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."),
                @AllowedValue(value = "iaas", description = "Infrastructure as a service (IaaS) cloud service model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."),
                @AllowedValue(value = "other", description = "Any other type of cloud service model that is exclusive to the other choices.")
            }),
        // allowOthers = true: role ids outside this list are accepted as well, so the list is a
        // set of well-known names, not a closed vocabulary that consumers can switch over.
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "responsible-party/@role-id",
            allowOthers = true,
            values = {
                @AllowedValue(value = "authorizing-official", description = "The authorizing official for this system."),
                @AllowedValue(value = "authorizing-official-poc", description = "The authorizing official's designated point of contact (POC) for this system."),
                @AllowedValue(value = "system-owner", description = "The executive ultimately accountable for the system."),
                @AllowedValue(value = "system-poc-management", description = "The primary management-level point of contact (POC) for the system."),
                @AllowedValue(value = "system-poc-technical", description = "The primary technical point of contact (POC) for the system."),
                @AllowedValue(value = "system-poc-other", description = "Other point of contact (POC) for the system that is not the management or technical POC."),
                @AllowedValue(value = "information-system-security-officer", description = "The primary role responsible for ensuring the organization operates the system securely."),
                @AllowedValue(value = "privacy-poc", description = "The point of contact (POC) responsible for identifying privacy information within the system, and ensuring its protection if present.")
            })
    }
)
@AssemblyConstraints(
    isUnique = @IsUnique(
        id = "unique-ssp-system-characteristics-responsible-party",
        level = IConstraint.Level.ERROR,
        target = "responsible-party",
        keyFields = @KeyField(target = "@role-id"),
        remarks = "Since `responsible-party` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once.")
)
public class SystemCharacteristics {

  // Bound to "system-id" (grouped as "system-ids"); the model requires at least one entry.
  @BoundField(
      formalName = "System Identification",
      description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this system identification property elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). When referencing an externally defined `system identification`, the `system identification` must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same system across revisions of the document.",
      useName = "system-id",
      minOccurs = 1,
      maxOccurs = -1
  )
  @GroupAs(
      name = "system-ids",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<SystemId> _systemIds;

  // Bound to "system-name"; required by the model.
  @BoundField(
      formalName = "System Name - Full",
      description = "The full name of the system.",
      useName = "system-name",
      minOccurs = 1
  )
  private String _systemName;

  // Bound to "system-name-short"; optional.
  @BoundField(
      formalName = "System Name - Short",
      description = "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.",
      useName = "system-name-short",
      remarks = "Since `system-name-short` is optional, if the `system-name-short` is not provided, the `system-name` can be used as a substitute."
  )
  private String _systemNameShort;

  // Bound to "description"; required by the model. Read and written through
  // MarkupMultilineAdapter.
  @BoundField(
      formalName = "System Description",
      description = "A summary of the system.",
      useName = "description",
      minOccurs = 1
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _description;

  // Bound to "prop" (grouped as "props"); the class-level allowed-values constraints target
  // these entries.
  @BoundAssembly(
      formalName = "Property",
      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
      useName = "prop",
      maxOccurs = -1
  )
  @GroupAs(
      name = "props",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Property> _props;

  // Bound to "link" (grouped as "links"). The model describes these as references to local or
  // remote resources; nothing in this class resolves or checks them.
  @BoundAssembly(
      formalName = "Link",
      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
      useName = "link",
      maxOccurs = -1
  )
  @GroupAs(
      name = "links",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Link> _links;

  // Bound to "date-authorized"; optional. Read and written through DateAdapter.
  @BoundField(
      formalName = "System Authorization Date",
      description = "The date the system received its authorization.",
      useName = "date-authorized"
  )
  @BoundFieldValue(
      typeAdapter = DateAdapter.class
  )
  private Date _dateAuthorized;

  // Bound to "security-sensitivity-level"; optional. No allowed-values constraint for this field
  // is declared in this class, so as far as this class shows it is a free-form string; consumers
  // should not assume a fixed vocabulary unless a constraint is enforced elsewhere (TODO confirm).
  @BoundField(
      formalName = "Security Sensitivity Level",
      description = "The overall information system sensitivity categorization, such as defined by [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199).",
      useName = "security-sensitivity-level",
      remarks = "Often, organizations require the security sensitivity level to correspond with the highest confidentiality, integrity, or availability level identified by `security-impact-level`."
  )
  private String _securitySensitivityLevel;

  // Bound to "system-information"; required by the model.
  @BoundAssembly(
      formalName = "System Information",
      description = "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).",
      useName = "system-information",
      minOccurs = 1
  )
  private SystemInformation _systemInformation;

  // Bound to "security-impact-level"; optional.
  @BoundAssembly(
      formalName = "Security Impact Level",
      description = "The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.",
      useName = "security-impact-level"
  )
  private SecurityImpactLevel _securityImpactLevel;

  // Bound to "status"; required by the model.
  @BoundAssembly(
      formalName = "Status",
      description = "Describes the operational status of the system.",
      useName = "status",
      minOccurs = 1
  )
  private Status _status;

  // Bound to "authorization-boundary"; required by the model.
  @BoundAssembly(
      formalName = "Authorization Boundary",
      description = "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.",
      useName = "authorization-boundary",
      minOccurs = 1
  )
  private AuthorizationBoundary _authorizationBoundary;

  // Bound to "network-architecture"; optional.
  @BoundAssembly(
      formalName = "Network Architecture",
      description = "A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.",
      useName = "network-architecture"
  )
  private NetworkArchitecture _networkArchitecture;

  // Bound to "data-flow"; optional.
  @BoundAssembly(
      formalName = "Data Flow",
      description = "A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.",
      useName = "data-flow"
  )
  private DataFlow _dataFlow;

  // Bound to "responsible-party" (grouped as "responsible-parties"). The class-level isUnique
  // constraint keys these on @role-id; the add/set methods below do not check for duplicates.
  @BoundAssembly(
      formalName = "Responsible Party",
      description = "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.",
      useName = "responsible-party",
      maxOccurs = -1
  )
  @GroupAs(
      name = "responsible-parties",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<ResponsibleParty> _responsibleParties;

  // Bound to "remarks"; optional. Read and written through MarkupMultilineAdapter.
  @BoundField(
      formalName = "Remarks",
      description = "Additional commentary about the containing object.",
      useName = "remarks"
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _remarks;

  /**
   * Creates an empty instance; every field, including those the model marks as required, starts
   * out {@code null}.
   */
  public SystemCharacteristics() {
    // intentionally empty
  }

  /**
   * Returns the system identifiers.
   *
   * @return the live internal list (not a copy), or {@code null} if none has been set or added
   */
  public List<SystemId> getSystemIds() {
    return this._systemIds;
  }

  /**
   * Replaces the system identifier list with the given reference.
   *
   * @param value the list to store as-is; {@code null} is accepted
   */
  public void setSystemIds(List<SystemId> value) {
    this._systemIds = value;
  }

  /**
   * Appends a system identifier, creating the backing list on first use.
   *
   * @param item the identifier to add; must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list
   */
  public boolean addSystemId(SystemId item) {
    final SystemId checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<SystemId> target = _systemIds;
    if (target == null) {
      target = new LinkedList<>();
      _systemIds = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first matching system identifier.
   *
   * @param item the identifier to remove; must not be {@code null}
   * @return {@code true} if an entry was removed, {@code false} if there is no list or no match
   */
  public boolean removeSystemId(SystemId item) {
    final SystemId checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    return _systemIds != null && _systemIds.remove(checked);
  }

  /**
   * Returns the full system name.
   *
   * @return the stored name, or {@code null} if unset
   */
  public String getSystemName() {
    return this._systemName;
  }

  /**
   * Stores the full system name without validation.
   *
   * @param value the name to store
   */
  public void setSystemName(String value) {
    this._systemName = value;
  }

  /**
   * Returns the short system name.
   *
   * @return the stored short name, or {@code null} if unset
   */
  public String getSystemNameShort() {
    return this._systemNameShort;
  }

  /**
   * Stores the short system name without validation.
   *
   * @param value the short name to store
   */
  public void setSystemNameShort(String value) {
    this._systemNameShort = value;
  }

  /**
   * Returns the system description markup.
   *
   * @return the stored description, or {@code null} if unset
   */
  public MarkupMultiline getDescription() {
    return this._description;
  }

  /**
   * Stores the system description markup.
   *
   * @param value the description to store
   */
  public void setDescription(MarkupMultiline value) {
    this._description = value;
  }

  /**
   * Returns the properties.
   *
   * @return the live internal list (not a copy), or {@code null} if none has been set or added
   */
  public List<Property> getProps() {
    return this._props;
  }

  /**
   * Replaces the property list with the given reference.
   *
   * @param value the list to store as-is; {@code null} is accepted
   */
  public void setProps(List<Property> value) {
    this._props = value;
  }

  /**
   * Appends a property, creating the backing list on first use. The allowed-values constraints
   * declared on this class are not evaluated here.
   *
   * @param item the property to add; must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list
   */
  public boolean addProp(Property item) {
    final Property checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<Property> target = _props;
    if (target == null) {
      target = new LinkedList<>();
      _props = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first matching property.
   *
   * @param item the property to remove; must not be {@code null}
   * @return {@code true} if an entry was removed, {@code false} if there is no list or no match
   */
  public boolean removeProp(Property item) {
    final Property checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    return _props != null && _props.remove(checked);
  }

  /**
   * Returns the links.
   *
   * @return the live internal list (not a copy), or {@code null} if none has been set or added
   */
  public List<Link> getLinks() {
    return this._links;
  }

  /**
   * Replaces the link list with the given reference.
   *
   * @param value the list to store as-is; {@code null} is accepted
   */
  public void setLinks(List<Link> value) {
    this._links = value;
  }

  /**
   * Appends a link, creating the backing list on first use.
   *
   * @param item the link to add; must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list
   */
  public boolean addLink(Link item) {
    final Link checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<Link> target = _links;
    if (target == null) {
      target = new LinkedList<>();
      _links = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first matching link.
   *
   * @param item the link to remove; must not be {@code null}
   * @return {@code true} if an entry was removed, {@code false} if there is no list or no match
   */
  public boolean removeLink(Link item) {
    final Link checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    return _links != null && _links.remove(checked);
  }

  /**
   * Returns the authorization date.
   *
   * @return the stored date, or {@code null} if unset
   */
  public Date getDateAuthorized() {
    return this._dateAuthorized;
  }

  /**
   * Stores the authorization date.
   *
   * @param value the date to store
   */
  public void setDateAuthorized(Date value) {
    this._dateAuthorized = value;
  }

  /**
   * Returns the security sensitivity level exactly as stored.
   *
   * @return the stored string, or {@code null} if unset
   */
  public String getSecuritySensitivityLevel() {
    return this._securitySensitivityLevel;
  }

  /**
   * Stores the security sensitivity level; any string is accepted by this setter.
   *
   * @param value the level to store
   */
  public void setSecuritySensitivityLevel(String value) {
    this._securitySensitivityLevel = value;
  }

  /**
   * Returns the system information assembly.
   *
   * @return the stored object, or {@code null} if unset
   */
  public SystemInformation getSystemInformation() {
    return this._systemInformation;
  }

  /**
   * Stores the system information assembly.
   *
   * @param value the object to store
   */
  public void setSystemInformation(SystemInformation value) {
    this._systemInformation = value;
  }

  /**
   * Returns the security impact level assembly.
   *
   * @return the stored object, or {@code null} if unset
   */
  public SecurityImpactLevel getSecurityImpactLevel() {
    return this._securityImpactLevel;
  }

  /**
   * Stores the security impact level assembly.
   *
   * @param value the object to store
   */
  public void setSecurityImpactLevel(SecurityImpactLevel value) {
    this._securityImpactLevel = value;
  }

  /**
   * Returns the operational status.
   *
   * @return the stored object, or {@code null} if unset
   */
  public Status getStatus() {
    return this._status;
  }

  /**
   * Stores the operational status.
   *
   * @param value the object to store
   */
  public void setStatus(Status value) {
    this._status = value;
  }

  /**
   * Returns the authorization boundary description.
   *
   * @return the stored object, or {@code null} if unset
   */
  public AuthorizationBoundary getAuthorizationBoundary() {
    return this._authorizationBoundary;
  }

  /**
   * Stores the authorization boundary description.
   *
   * @param value the object to store
   */
  public void setAuthorizationBoundary(AuthorizationBoundary value) {
    this._authorizationBoundary = value;
  }

  /**
   * Returns the network architecture description.
   *
   * @return the stored object, or {@code null} if unset
   */
  public NetworkArchitecture getNetworkArchitecture() {
    return this._networkArchitecture;
  }

  /**
   * Stores the network architecture description.
   *
   * @param value the object to store
   */
  public void setNetworkArchitecture(NetworkArchitecture value) {
    this._networkArchitecture = value;
  }

  /**
   * Returns the data flow description.
   *
   * @return the stored object, or {@code null} if unset
   */
  public DataFlow getDataFlow() {
    return this._dataFlow;
  }

  /**
   * Stores the data flow description.
   *
   * @param value the object to store
   */
  public void setDataFlow(DataFlow value) {
    this._dataFlow = value;
  }

  /**
   * Returns the responsible parties.
   *
   * @return the live internal list (not a copy), or {@code null} if none has been set or added
   */
  public List<ResponsibleParty> getResponsibleParties() {
    return this._responsibleParties;
  }

  /**
   * Replaces the responsible party list with the given reference.
   *
   * @param value the list to store as-is; {@code null} is accepted
   */
  public void setResponsibleParties(List<ResponsibleParty> value) {
    this._responsibleParties = value;
  }

  /**
   * Appends a responsible party, creating the backing list on first use. The role-id uniqueness
   * constraint declared on this class is not checked here, so duplicates can be added.
   *
   * @param item the responsible party to add; must not be {@code null}
   * @return the result of {@link List#add(Object)} on the backing list
   */
  public boolean addResponsibleParty(ResponsibleParty item) {
    final ResponsibleParty checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<ResponsibleParty> target = _responsibleParties;
    if (target == null) {
      target = new LinkedList<>();
      _responsibleParties = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first matching responsible party.
   *
   * @param item the responsible party to remove; must not be {@code null}
   * @return {@code true} if an entry was removed, {@code false} if there is no list or no match
   */
  public boolean removeResponsibleParty(ResponsibleParty item) {
    final ResponsibleParty checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    return _responsibleParties != null && _responsibleParties.remove(checked);
  }

  /**
   * Returns the remarks markup.
   *
   * @return the stored remarks, or {@code null} if unset
   */
  public MarkupMultiline getRemarks() {
    return this._remarks;
  }

  /**
   * Stores the remarks markup.
   *
   * @param value the remarks to store
   */
  public void setRemarks(MarkupMultiline value) {
    this._remarks = value;
  }

  /**
   * Renders this object with a reflective, multi-line, recursive string style.
   *
   * <p>The builder reads the fields of this instance by reflection, so the output carries the
   * full SSP content held here (descriptions, authorization boundary, network architecture, data
   * flow, responsible parties). Treat the result with the same sensitivity as the SSP itself;
   * for routine logging, emit an identifier such as the system id instead of this string.
   *
   * @return the reflective string form of this instance
   */
  @Override
  public String toString() {
    final ReflectionToStringBuilder rendering =
        new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE);
    return rendering.toString();
  }
}