1   package gov.nist.secauto.oscal.lib.model;
2   
3   import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
4   import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
5   import gov.nist.secauto.metaschema.binding.model.annotations.AssemblyConstraints;
6   import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
7   import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
8   import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
9   import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
10  import gov.nist.secauto.metaschema.binding.model.annotations.IsUnique;
11  import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
12  import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
13  import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
14  import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
15  import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
16  import gov.nist.secauto.metaschema.model.common.datatype.adapter.DateAdapter;
17  import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
18  import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
19  import gov.nist.secauto.metaschema.model.common.datatype.object.Date;
20  import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
21  import java.lang.Override;
22  import java.lang.String;
23  import java.util.LinkedList;
24  import java.util.List;
25  import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
26  import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
27  
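/**
 * Contains the characteristics of the system, such as its name, purpose, and security impact level.
 *
 * <p>This class is the Java binding for the {@code system-characteristics} assembly of the OSCAL
 * System Security Plan (SSP) model, as declared by the {@link MetaschemaAssembly} annotation below.
 *
 * <p><b>Validation.</b> The {@link ValueConstraints} and {@link AssemblyConstraints} annotations
 * only <em>declare</em> the rules (allowed property names and values, unique {@code role-id} per
 * {@code responsible-party}, and so on). Nothing in this class enforces them: every setter assigns
 * the value it is given and every getter returns the field as is. Content loaded from a source that
 * is not fully trusted should therefore go through constraint validation before values such as the
 * assurance levels, the cloud deployment model or the role ids are relied on. (Validation is
 * presumably performed by the Metaschema binding framework, not by this class; confirm against the
 * loader in use.) Note also that the {@code responsible-party/@role-id} constraint sets
 * {@code allowOthers = true}, so role ids outside the listed set are accepted by design.
 *
 * <p><b>Mutability.</b> The collection getters return the backing list itself, not a copy, and the
 * collection setters keep the caller's list by reference. Any holder of such a list can change this
 * object's content. The class performs no synchronization.
 */
@MetaschemaAssembly(
    formalName = "System Characteristics",
    description = "Contains the characteristics of the system, such as its name, purpose, and security impact level.",
    name = "system-characteristics",
    metaschema = OscalSspMetaschema.class
)
@ValueConstraints(
    allowedValues = {
        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = {@AllowedValue(value = "identity-assurance-level", description = "A value of 1, 2, or 3 as defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3)."), @AllowedValue(value = "authenticator-assurance-level", description = "A value of 1, 2, or 3 as defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3)."), @AllowedValue(value = "federation-assurance-level", description = "A value of 1, 2, or 3 as defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3).")}),
        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[@name=('identity-assurance-level','authenticator-assurance-level','federation-assurance-level')]/@value", values = {@AllowedValue(value = "1", description = "As defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3)."), @AllowedValue(value = "2", description = "As defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3)."), @AllowedValue(value = "3", description = "As defined by [SP 800-63-3](https://doi.org/10.6028/NIST.SP.800-63-3).")}),
        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = {@AllowedValue(value = "cloud-deployment-model", description = "The associated value is one of: public-cloud, private-cloud, community-cloud, government-only-cloud, hybrid-cloud, or other."), @AllowedValue(value = "cloud-service-model", description = "The associated value is one of: saas, paas, iaas, or other.")}),
        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='cloud-deployment-model']/@value", values = {@AllowedValue(value = "public-cloud", description = "The public cloud deployment model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."), @AllowedValue(value = "private-cloud", description = "The private cloud deployment model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."), @AllowedValue(value = "community-cloud", description = "The community cloud deployment model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."), @AllowedValue(value = "hybrid-cloud", description = "The hybrid cloud deployment model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."), @AllowedValue(value = "government-only-cloud", description = "A specific type of community-cloud for use only by government services."), @AllowedValue(value = "other", description = "Any other type of cloud deployment model that is exclusive to the other choices.")}, remarks = "The hybrid cloud deployment model, as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145), can be supported by selecting two or more of the existing deployment models."),
        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='cloud-service-model']/@value", values = {@AllowedValue(value = "saas", description = "Software as a service (SaaS) cloud service model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."), @AllowedValue(value = "paas", description = "Platform as a service (PaaS) cloud service model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."), @AllowedValue(value = "iaas", description = "Infrastructure as a service (IaaS) cloud service model as defined by [The NIST Definition of Cloud Computing](https://doi.org/10.6028/NIST.SP.800-145)."), @AllowedValue(value = "other", description = "Any other type of cloud service model that is exclusive to the other choices.")}),
        @AllowedValues(level = IConstraint.Level.ERROR, target = "responsible-party/@role-id", allowOthers = true, values = {@AllowedValue(value = "authorizing-official", description = "The authorizing official for this system."), @AllowedValue(value = "authorizing-official-poc", description = "The authorizing official's designated point of contact (POC) for this system."), @AllowedValue(value = "system-owner", description = "The executive ultimately accountable for the system."), @AllowedValue(value = "system-poc-management", description = "The primary management-level point of contact (POC) for the system."), @AllowedValue(value = "system-poc-technical", description = "The primary technical point of contact (POC) for the system."), @AllowedValue(value = "system-poc-other", description = "Other point of contact (POC) for the system that is not the management or technical POC."), @AllowedValue(value = "information-system-security-officer", description = "The primary role responsible for ensuring the organization operates the system securely."), @AllowedValue(value = "privacy-poc", description = "The point of contact (POC) responsible for identifying privacy information within the system, and ensuring its protection if present.")})
    }
)
@AssemblyConstraints(
    isUnique = @IsUnique(id = "unique-ssp-system-characteristics-responsible-party", level = IConstraint.Level.ERROR, target = "responsible-party", keyFields = @KeyField(target = "@role-id"), remarks = "Since `responsible-party` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once.")
)
public class SystemCharacteristics {
  /**
   * Identifiers for this system ({@code system-id}). The model requires at least one
   * ({@code minOccurs = 1}) and allows any number ({@code maxOccurs = -1}).
   */
  @BoundField(
      formalName = "System Identification",
      description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this system identification property elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). When referencing an externally defined `system identification`, the `system identification` must be used in the context of the external / imported OSCAL instance (e.g., uri-reference). This string should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same system across revisions of the document.",
      useName = "system-id",
      minOccurs = 1,
      maxOccurs = -1
  )
  @GroupAs(
      name = "system-ids",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<SystemId> _systemIds;

  /**
   * The full name of the system ({@code system-name}, required).
   */
  @BoundField(
      formalName = "System Name - Full",
      description = "The full name of the system.",
      useName = "system-name",
      minOccurs = 1
  )
  private String _systemName;

  /**
   * A short name for the system, such as an acronym, that is suitable for display in a data table
   * or summary list ({@code system-name-short}, optional).
   */
  @BoundField(
      formalName = "System Name - Short",
      description = "A short name for the system, such as an acronym, that is suitable for display in a data table or summary list.",
      useName = "system-name-short",
      remarks = "Since `system-name-short` is optional, if the `system-name-short` is not provided, the `system-name` can be used as a substitute."
  )
  private String _systemNameShort;

  /**
   * A summary of the system ({@code description}, required), held as multi-line markup.
   */
  @BoundField(
      formalName = "System Description",
      description = "A summary of the system.",
      useName = "description",
      minOccurs = 1
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _description;

  /**
   * Namespace-qualified name/value properties of the system ({@code prop}, any number). The
   * class-level value constraints target the names and values of these properties.
   */
  @BoundAssembly(
      formalName = "Property",
      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
      useName = "prop",
      maxOccurs = -1
  )
  @GroupAs(
      name = "props",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Property> _props;

  /**
   * References to local or remote resources related to the system ({@code link}, any number).
   */
  @BoundAssembly(
      formalName = "Link",
      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
      useName = "link",
      maxOccurs = -1
  )
  @GroupAs(
      name = "links",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Link> _links;

  /**
   * The date the system received its authorization ({@code date-authorized}, optional).
   */
  @BoundField(
      formalName = "System Authorization Date",
      description = "The date the system received its authorization.",
      useName = "date-authorized"
  )
  @BoundFieldValue(
      typeAdapter = DateAdapter.class
  )
  private Date _dateAuthorized;

  /**
   * The overall information system sensitivity categorization, such as defined by
   * <a href="https://doi.org/10.6028/NIST.FIPS.199">FIPS-199</a>
   * ({@code security-sensitivity-level}, optional). No allowed-values constraint for this field is
   * declared in this class, so any string is accepted here.
   */
  @BoundField(
      formalName = "Security Sensitivity Level",
      description = "The overall information system sensitivity categorization, such as defined by [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199).",
      useName = "security-sensitivity-level",
      remarks = "Often, organizations require the security sensitivity level to correspond with the highest confidentiality, integrity, or availability level identified by `security-impact-level`."
  )
  private String _securitySensitivityLevel;

  /**
   * Details about the information types stored, processed, or transmitted by the system
   * ({@code system-information}, required).
   */
  @BoundAssembly(
      formalName = "System Information",
      description = "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).",
      useName = "system-information",
      minOccurs = 1
  )
  private SystemInformation _systemInformation;

  /**
   * The overall level of expected impact resulting from unauthorized disclosure, modification, or
   * loss of access to information ({@code security-impact-level}, optional).
   */
  @BoundAssembly(
      formalName = "Security Impact Level",
      description = "The overall level of expected impact resulting from unauthorized disclosure, modification, or loss of access to information.",
      useName = "security-impact-level"
  )
  private SecurityImpactLevel _securityImpactLevel;

  /**
   * The operational status of the system ({@code status}, required).
   */
  @BoundAssembly(
      formalName = "Status",
      description = "Describes the operational status of the system.",
      useName = "status",
      minOccurs = 1
  )
  private Status _status;

  /**
   * A description of the system's authorization boundary, optionally with diagrams
   * ({@code authorization-boundary}, required).
   */
  @BoundAssembly(
      formalName = "Authorization Boundary",
      description = "A description of this system's authorization boundary, optionally supplemented by diagrams that illustrate the authorization boundary.",
      useName = "authorization-boundary",
      minOccurs = 1
  )
  private AuthorizationBoundary _authorizationBoundary;

  /**
   * A description of the system's network architecture, optionally with diagrams
   * ({@code network-architecture}, optional).
   */
  @BoundAssembly(
      formalName = "Network Architecture",
      description = "A description of the system's network architecture, optionally supplemented by diagrams that illustrate the network architecture.",
      useName = "network-architecture"
  )
  private NetworkArchitecture _networkArchitecture;

  /**
   * A description of the logical flow of information within the system and across its boundaries,
   * optionally with diagrams ({@code data-flow}, optional).
   */
  @BoundAssembly(
      formalName = "Data Flow",
      description = "A description of the logical flow of information within the system and across its boundaries, optionally supplemented by diagrams that illustrate these flows.",
      useName = "data-flow"
  )
  private DataFlow _dataFlow;

  /**
   * The persons and/or organizations responsible for a role in the context of this system
   * ({@code responsible-party}, any number). The class-level uniqueness constraint declares that
   * each {@code role-id} may be referenced by only one entry.
   */
  @BoundAssembly(
      formalName = "Responsible Party",
      description = "A reference to a set of persons and/or organizations that have responsibility for performing the referenced role in the context of the containing object.",
      useName = "responsible-party",
      maxOccurs = -1
  )
  @GroupAs(
      name = "responsible-parties",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<ResponsibleParty> _responsibleParties;

  /**
   * Additional commentary about the system characteristics ({@code remarks}, optional), held as
   * multi-line markup.
   */
  @BoundField(
      formalName = "Remarks",
      description = "Additional commentary about the containing object.",
      useName = "remarks"
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _remarks;

  /**
   * Creates an empty instance. All fields start out {@code null}, including the required ones.
   */
  public SystemCharacteristics() {
  }

  /**
   * Returns the system identifiers.
   *
   * @return the backing list itself (not a copy), or {@code null} if none has been set
   */
  public List<SystemId> getSystemIds() {
    return _systemIds;
  }

  /**
   * Replaces the system identifiers. The list is stored by reference, not copied.
   *
   * @param value the new list, may be {@code null}
   */
  public void setSystemIds(List<SystemId> value) {
    _systemIds = value;
  }

  /**
   * Add a new {@link SystemId} item to the underlying collection, creating the collection on first
   * use. A {@code null} item is rejected by {@code ObjectUtils.requireNonNull}.
   *
   * @param item the item to add
   * @return {@code true}
   */
  public boolean addSystemId(SystemId item) {
    SystemId value = ObjectUtils.requireNonNull(item, "item cannot be null");
    if (_systemIds == null) {
      _systemIds = new LinkedList<>();
    }
    return _systemIds.add(value);
  }

  /**
   * Remove the first matching {@link SystemId} item from the underlying collection. A {@code null}
   * item is rejected by {@code ObjectUtils.requireNonNull}.
   *
   * @param item the item to remove
   * @return {@code true} if the item was removed or {@code false} otherwise, including when no
   *     collection exists yet
   */
  public boolean removeSystemId(SystemId item) {
    SystemId value = ObjectUtils.requireNonNull(item, "item cannot be null");
    return _systemIds != null && _systemIds.remove(value);
  }

  /**
   * Returns the full name of the system.
   *
   * @return the name, or {@code null} if not set
   */
  public String getSystemName() {
    return _systemName;
  }

  /**
   * Sets the full name of the system. The value is stored as given.
   *
   * @param value the new name
   */
  public void setSystemName(String value) {
    _systemName = value;
  }

  /**
   * Returns the short name of the system.
   *
   * @return the short name, or {@code null} if not set
   */
  public String getSystemNameShort() {
    return _systemNameShort;
  }

  /**
   * Sets the short name of the system. The value is stored as given.
   *
   * @param value the new short name
   */
  public void setSystemNameShort(String value) {
    _systemNameShort = value;
  }

  /**
   * Returns the system description.
   *
   * @return the description markup, or {@code null} if not set
   */
  public MarkupMultiline getDescription() {
    return _description;
  }

  /**
   * Sets the system description.
   *
   * @param value the new description markup
   */
  public void setDescription(MarkupMultiline value) {
    _description = value;
  }

  /**
   * Returns the properties of the system.
   *
   * @return the backing list itself (not a copy), or {@code null} if none has been set
   */
  public List<Property> getProps() {
    return _props;
  }

  /**
   * Replaces the properties of the system. The list is stored by reference, not copied, and its
   * entries are not checked against the allowed names and values declared on this class.
   *
   * @param value the new list, may be {@code null}
   */
  public void setProps(List<Property> value) {
    _props = value;
  }

  /**
   * Add a new {@link Property} item to the underlying collection, creating the collection on first
   * use. A {@code null} item is rejected by {@code ObjectUtils.requireNonNull}; the item's name
   * and value are not checked here.
   *
   * @param item the item to add
   * @return {@code true}
   */
  public boolean addProp(Property item) {
    Property value = ObjectUtils.requireNonNull(item, "item cannot be null");
    if (_props == null) {
      _props = new LinkedList<>();
    }
    return _props.add(value);
  }

  /**
   * Remove the first matching {@link Property} item from the underlying collection. A {@code null}
   * item is rejected by {@code ObjectUtils.requireNonNull}.
   *
   * @param item the item to remove
   * @return {@code true} if the item was removed or {@code false} otherwise, including when no
   *     collection exists yet
   */
  public boolean removeProp(Property item) {
    Property value = ObjectUtils.requireNonNull(item, "item cannot be null");
    return _props != null && _props.remove(value);
  }

  /**
   * Returns the links of the system.
   *
   * @return the backing list itself (not a copy), or {@code null} if none has been set
   */
  public List<Link> getLinks() {
    return _links;
  }

  /**
   * Replaces the links of the system. The list is stored by reference, not copied.
   *
   * @param value the new list, may be {@code null}
   */
  public void setLinks(List<Link> value) {
    _links = value;
  }

  /**
   * Add a new {@link Link} item to the underlying collection, creating the collection on first
   * use. A {@code null} item is rejected by {@code ObjectUtils.requireNonNull}.
   *
   * @param item the item to add
   * @return {@code true}
   */
  public boolean addLink(Link item) {
    Link value = ObjectUtils.requireNonNull(item, "item cannot be null");
    if (_links == null) {
      _links = new LinkedList<>();
    }
    return _links.add(value);
  }

  /**
   * Remove the first matching {@link Link} item from the underlying collection. A {@code null}
   * item is rejected by {@code ObjectUtils.requireNonNull}.
   *
   * @param item the item to remove
   * @return {@code true} if the item was removed or {@code false} otherwise, including when no
   *     collection exists yet
   */
  public boolean removeLink(Link item) {
    Link value = ObjectUtils.requireNonNull(item, "item cannot be null");
    return _links != null && _links.remove(value);
  }

  /**
   * Returns the date the system received its authorization.
   *
   * @return the authorization date, or {@code null} if not set
   */
  public Date getDateAuthorized() {
    return _dateAuthorized;
  }

  /**
   * Sets the date the system received its authorization.
   *
   * @param value the new authorization date
   */
  public void setDateAuthorized(Date value) {
    _dateAuthorized = value;
  }

  /**
   * Returns the security sensitivity level.
   *
   * @return the level as a free-form string, or {@code null} if not set
   */
  public String getSecuritySensitivityLevel() {
    return _securitySensitivityLevel;
  }

  /**
   * Sets the security sensitivity level. The string is stored as given; it is not compared with
   * any list of known levels nor with the security impact level.
   *
   * @param value the new level
   */
  public void setSecuritySensitivityLevel(String value) {
    _securitySensitivityLevel = value;
  }

  /**
   * Returns the system information.
   *
   * @return the system information, or {@code null} if not set
   */
  public SystemInformation getSystemInformation() {
    return _systemInformation;
  }

  /**
   * Sets the system information.
   *
   * @param value the new system information
   */
  public void setSystemInformation(SystemInformation value) {
    _systemInformation = value;
  }

  /**
   * Returns the security impact level.
   *
   * @return the security impact level, or {@code null} if not set
   */
  public SecurityImpactLevel getSecurityImpactLevel() {
    return _securityImpactLevel;
  }

  /**
   * Sets the security impact level.
   *
   * @param value the new security impact level
   */
  public void setSecurityImpactLevel(SecurityImpactLevel value) {
    _securityImpactLevel = value;
  }

  /**
   * Returns the operational status of the system.
   *
   * @return the status, or {@code null} if not set
   */
  public Status getStatus() {
    return _status;
  }

  /**
   * Sets the operational status of the system.
   *
   * @param value the new status
   */
  public void setStatus(Status value) {
    _status = value;
  }

  /**
   * Returns the authorization boundary description.
   *
   * @return the authorization boundary, or {@code null} if not set
   */
  public AuthorizationBoundary getAuthorizationBoundary() {
    return _authorizationBoundary;
  }

  /**
   * Sets the authorization boundary description.
   *
   * @param value the new authorization boundary
   */
  public void setAuthorizationBoundary(AuthorizationBoundary value) {
    _authorizationBoundary = value;
  }

  /**
   * Returns the network architecture description.
   *
   * @return the network architecture, or {@code null} if not set
   */
  public NetworkArchitecture getNetworkArchitecture() {
    return _networkArchitecture;
  }

  /**
   * Sets the network architecture description.
   *
   * @param value the new network architecture
   */
  public void setNetworkArchitecture(NetworkArchitecture value) {
    _networkArchitecture = value;
  }

  /**
   * Returns the data flow description.
   *
   * @return the data flow, or {@code null} if not set
   */
  public DataFlow getDataFlow() {
    return _dataFlow;
  }

  /**
   * Sets the data flow description.
   *
   * @param value the new data flow
   */
  public void setDataFlow(DataFlow value) {
    _dataFlow = value;
  }

  /**
   * Returns the responsible parties of the system.
   *
   * @return the backing list itself (not a copy), or {@code null} if none has been set
   */
  public List<ResponsibleParty> getResponsibleParties() {
    return _responsibleParties;
  }

  /**
   * Replaces the responsible parties of the system. The list is stored by reference, not copied,
   * and the declared one-entry-per-{@code role-id} rule is not checked here.
   *
   * @param value the new list, may be {@code null}
   */
  public void setResponsibleParties(List<ResponsibleParty> value) {
    _responsibleParties = value;
  }

  /**
   * Add a new {@link ResponsibleParty} item to the underlying collection, creating the collection
   * on first use. A {@code null} item is rejected by {@code ObjectUtils.requireNonNull}; an entry
   * whose {@code role-id} is already present is still added, because the uniqueness rule is only
   * declared on this class, not enforced by it.
   *
   * @param item the item to add
   * @return {@code true}
   */
  public boolean addResponsibleParty(ResponsibleParty item) {
    ResponsibleParty value = ObjectUtils.requireNonNull(item, "item cannot be null");
    if (_responsibleParties == null) {
      _responsibleParties = new LinkedList<>();
    }
    return _responsibleParties.add(value);
  }

  /**
   * Remove the first matching {@link ResponsibleParty} item from the underlying collection. A
   * {@code null} item is rejected by {@code ObjectUtils.requireNonNull}.
   *
   * @param item the item to remove
   * @return {@code true} if the item was removed or {@code false} otherwise, including when no
   *     collection exists yet
   */
  public boolean removeResponsibleParty(ResponsibleParty item) {
    ResponsibleParty value = ObjectUtils.requireNonNull(item, "item cannot be null");
    return _responsibleParties != null && _responsibleParties.remove(value);
  }

  /**
   * Returns the remarks.
   *
   * @return the remarks markup, or {@code null} if not set
   */
  public MarkupMultiline getRemarks() {
    return _remarks;
  }

  /**
   * Sets the remarks.
   *
   * @param value the new remarks markup
   */
  public void setRemarks(MarkupMultiline value) {
    _remarks = value;
  }

  /**
   * Renders this object by reflection, one field per line, recursing into nested objects.
   *
   * <p>The result contains the full content of every field, including the system description,
   * authorization boundary, network architecture, data flow and responsible parties. Handle the
   * string with the same care as the SSP document itself: it is meant for debugging, and writing
   * it to a log gives every reader of that log the plan's content.
   *
   * @return the multi-line reflective dump of this object
   */
  @Override
  public String toString() {
    return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
  }
}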