1 package gov.nist.secauto.oscal.lib.model;
2
3 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
4 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
5 import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
6 import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
7 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
8 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
9 import gov.nist.secauto.metaschema.binding.model.annotations.Expect;
10 import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
11 import gov.nist.secauto.metaschema.binding.model.annotations.IndexHasKey;
12 import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
13 import gov.nist.secauto.metaschema.binding.model.annotations.Matches;
14 import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
15 import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
16 import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
17 import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
18 import gov.nist.secauto.metaschema.model.common.datatype.adapter.UriAdapter;
19 import gov.nist.secauto.metaschema.model.common.datatype.adapter.UriReferenceAdapter;
20 import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
21 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLine;
22 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLineAdapter;
23 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
24 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
25 import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
26 import java.lang.Override;
27 import java.lang.String;
28 import java.net.URI;
29 import java.util.LinkedList;
30 import java.util.List;
31 import java.util.UUID;
32 import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
33 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
34
35
36
37
38 @MetaschemaAssembly(
39 formalName = "System Information",
40 description = "Contains details about all information types that are stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).",
41 name = "system-information",
42 metaschema = OscalSspMetaschema.class
43 )
44 @ValueConstraints(
45 allowedValues = {
46 @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "privacy-designation", description = "Is this a privacy sensitive system? yes or no")),
47 @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='privacy-designation']/@value", values = {@AllowedValue(value = "yes", description = "The system is privacy sensitive."), @AllowedValue(value = "no", description = "The system is not privacy sensitive.")}),
48 @AllowedValues(level = IConstraint.Level.ERROR, target = "link/@rel", allowOthers = true, values = @AllowedValue(value = "privacy-impact-assessment", description = "A link to the privacy impact assessment.")),
49 @AllowedValues(level = IConstraint.Level.ERROR, target = "information-type/(confidentiality-impact|integrity-impact|availability-impact)/(base|selected)", allowOthers = true, values = {@AllowedValue(value = "fips-199-low", description = "A 'low' sensitivity level as defined in [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199)."), @AllowedValue(value = "fips-199-moderate", description = "A 'moderate' sensitivity level as defined in [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199)."), @AllowedValue(value = "fips-199-high", description = "A 'high' sensitivity level as defined in [FIPS-199](https://doi.org/10.6028/NIST.FIPS.199).")}, remarks = "FIPS-199 taxonomy is provided here as a starting point. We will provide other taxonomies based on community requests.")
50 },
51 indexHasKey = @IndexHasKey(level = IConstraint.Level.ERROR, target = "link[@rel='privacy-impact-assessment' and starts-with(@href,'#')]", indexName = "index-back-matter-resource", keyFields = @KeyField(target = "@href", pattern = "#(.*)")),
52 matches = {
53 @Matches(level = IConstraint.Level.ERROR, target = "link[@rel='privacy-impact-assessment']/@href[starts-with(.,'#')]", typeAdapter = UriReferenceAdapter.class),
54 @Matches(level = IConstraint.Level.ERROR, target = "link[@rel='privacy-impact-assessment']/@href[not(starts-with(.,'#'))]", typeAdapter = UriAdapter.class)
55 }
56 )
57 public class SystemInformation {
58 @BoundAssembly(
59 formalName = "Property",
60 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
61 useName = "prop",
62 maxOccurs = -1
63 )
64 @GroupAs(
65 name = "props",
66 inJson = JsonGroupAsBehavior.LIST
67 )
68 private List<Property> _props;
69
70 @BoundAssembly(
71 formalName = "Link",
72 description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
73 useName = "link",
74 maxOccurs = -1
75 )
76 @GroupAs(
77 name = "links",
78 inJson = JsonGroupAsBehavior.LIST
79 )
80 private List<Link> _links;
81
82
83
84
85 @BoundAssembly(
86 formalName = "Information Type",
87 description = "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).",
88 useName = "information-type",
89 minOccurs = 1,
90 maxOccurs = -1
91 )
92 @GroupAs(
93 name = "information-types",
94 inJson = JsonGroupAsBehavior.LIST
95 )
96 private List<InformationType> _informationTypes;
97
98 public SystemInformation() {
99 }
100
101 public List<Property> getProps() {
102 return _props;
103 }
104
105 public void setProps(List<Property> value) {
106 _props = value;
107 }
108
109
110
111
112
113
114 public boolean addProp(Property item) {
115 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
116 if (_props == null) {
117 _props = new LinkedList<>();
118 }
119 return _props.add(value);
120 }
121
122
123
124
125
126
127 public boolean removeProp(Property item) {
128 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
129 return _props == null ? false : _props.remove(value);
130 }
131
132 public List<Link> getLinks() {
133 return _links;
134 }
135
136 public void setLinks(List<Link> value) {
137 _links = value;
138 }
139
140
141
142
143
144
145 public boolean addLink(Link item) {
146 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
147 if (_links == null) {
148 _links = new LinkedList<>();
149 }
150 return _links.add(value);
151 }
152
153
154
155
156
157
158 public boolean removeLink(Link item) {
159 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
160 return _links == null ? false : _links.remove(value);
161 }
162
163 public List<InformationType> getInformationTypes() {
164 return _informationTypes;
165 }
166
167 public void setInformationTypes(List<InformationType> value) {
168 _informationTypes = value;
169 }
170
171
172
173
174
175
176 public boolean addInformationType(InformationType item) {
177 InformationType value = ObjectUtils.requireNonNull(item,"item cannot be null");
178 if (_informationTypes == null) {
179 _informationTypes = new LinkedList<>();
180 }
181 return _informationTypes.add(value);
182 }
183
184
185
186
187
188
189 public boolean removeInformationType(InformationType item) {
190 InformationType value = ObjectUtils.requireNonNull(item,"item cannot be null");
191 return _informationTypes == null ? false : _informationTypes.remove(value);
192 }
193
194 @Override
195 public String toString() {
196 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
197 }
198
199
200
201
202 @MetaschemaAssembly(
203 formalName = "Information Type",
204 description = "Contains details about one information type that is stored, processed, or transmitted by the system, such as privacy information, and those defined in [NIST SP 800-60](https://doi.org/10.6028/NIST.SP.800-60v2r1).",
205 name = "information-type",
206 metaschema = OscalSspMetaschema.class
207 )
208 @ValueConstraints(
209 expect = @Expect(level = IConstraint.Level.WARNING, test = "@uuid", message = "It is a best practice to provide a UUID.")
210 )
211 public static class InformationType {
212 @BoundFlag(
213 formalName = "Information Type Universally Unique Identifier",
214 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this information type elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The locally defined *UUID* of the `information type` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
215 useName = "uuid",
216 typeAdapter = UuidAdapter.class
217 )
218 private UUID _uuid;
219
220
221
222
223 @BoundField(
224 formalName = "title field",
225 description = "A human readable name for the information type. This title should be meaningful within the context of the system.",
226 useName = "title",
227 minOccurs = 1
228 )
229 @BoundFieldValue(
230 typeAdapter = MarkupLineAdapter.class
231 )
232 private MarkupLine _title;
233
234
235
236
237 @BoundField(
238 formalName = "Information Type Description",
239 description = "A summary of how this information type is used within the system.",
240 useName = "description",
241 minOccurs = 1
242 )
243 @BoundFieldValue(
244 typeAdapter = MarkupMultilineAdapter.class
245 )
246 private MarkupMultiline _description;
247
248
249
250
251 @BoundAssembly(
252 formalName = "Information Type Categorization",
253 description = "A set of information type identifiers qualified by the given identification `system` used, such as NIST SP 800-60.",
254 useName = "categorization",
255 maxOccurs = -1
256 )
257 @GroupAs(
258 name = "categorizations",
259 inJson = JsonGroupAsBehavior.LIST
260 )
261 private List<Categorization> _categorizations;
262
263 @BoundAssembly(
264 formalName = "Property",
265 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
266 useName = "prop",
267 maxOccurs = -1
268 )
269 @GroupAs(
270 name = "props",
271 inJson = JsonGroupAsBehavior.LIST
272 )
273 private List<Property> _props;
274
275 @BoundAssembly(
276 formalName = "Link",
277 description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
278 useName = "link",
279 maxOccurs = -1
280 )
281 @GroupAs(
282 name = "links",
283 inJson = JsonGroupAsBehavior.LIST
284 )
285 private List<Link> _links;
286
287
288
289
290 @BoundAssembly(
291 formalName = "Confidentiality Impact Level",
292 description = "The expected level of impact resulting from the unauthorized disclosure of the described information.",
293 useName = "confidentiality-impact"
294 )
295 private Impact _confidentialityImpact;
296
297
298
299
300 @BoundAssembly(
301 formalName = "Integrity Impact Level",
302 description = "The expected level of impact resulting from the unauthorized modification of the described information.",
303 useName = "integrity-impact"
304 )
305 private Impact _integrityImpact;
306
307
308
309
310 @BoundAssembly(
311 formalName = "Availability Impact Level",
312 description = "The expected level of impact resulting from the disruption of access to or use of the described information or the information system.",
313 useName = "availability-impact"
314 )
315 private Impact _availabilityImpact;
316
317 public InformationType() {
318 }
319
320 public UUID getUuid() {
321 return _uuid;
322 }
323
324 public void setUuid(UUID value) {
325 _uuid = value;
326 }
327
328 public MarkupLine getTitle() {
329 return _title;
330 }
331
332 public void setTitle(MarkupLine value) {
333 _title = value;
334 }
335
336 public MarkupMultiline getDescription() {
337 return _description;
338 }
339
340 public void setDescription(MarkupMultiline value) {
341 _description = value;
342 }
343
344 public List<Categorization> getCategorizations() {
345 return _categorizations;
346 }
347
348 public void setCategorizations(List<Categorization> value) {
349 _categorizations = value;
350 }
351
352
353
354
355
356
357 public boolean addCategorization(Categorization item) {
358 Categorization value = ObjectUtils.requireNonNull(item,"item cannot be null");
359 if (_categorizations == null) {
360 _categorizations = new LinkedList<>();
361 }
362 return _categorizations.add(value);
363 }
364
365
366
367
368
369
370 public boolean removeCategorization(Categorization item) {
371 Categorization value = ObjectUtils.requireNonNull(item,"item cannot be null");
372 return _categorizations == null ? false : _categorizations.remove(value);
373 }
374
375 public List<Property> getProps() {
376 return _props;
377 }
378
379 public void setProps(List<Property> value) {
380 _props = value;
381 }
382
383
384
385
386
387
388 public boolean addProp(Property item) {
389 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
390 if (_props == null) {
391 _props = new LinkedList<>();
392 }
393 return _props.add(value);
394 }
395
396
397
398
399
400
401 public boolean removeProp(Property item) {
402 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
403 return _props == null ? false : _props.remove(value);
404 }
405
406 public List<Link> getLinks() {
407 return _links;
408 }
409
410 public void setLinks(List<Link> value) {
411 _links = value;
412 }
413
414
415
416
417
418
419 public boolean addLink(Link item) {
420 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
421 if (_links == null) {
422 _links = new LinkedList<>();
423 }
424 return _links.add(value);
425 }
426
427
428
429
430
431
432 public boolean removeLink(Link item) {
433 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
434 return _links == null ? false : _links.remove(value);
435 }
436
437 public Impact getConfidentialityImpact() {
438 return _confidentialityImpact;
439 }
440
441 public void setConfidentialityImpact(Impact value) {
442 _confidentialityImpact = value;
443 }
444
445 public Impact getIntegrityImpact() {
446 return _integrityImpact;
447 }
448
449 public void setIntegrityImpact(Impact value) {
450 _integrityImpact = value;
451 }
452
453 public Impact getAvailabilityImpact() {
454 return _availabilityImpact;
455 }
456
457 public void setAvailabilityImpact(Impact value) {
458 _availabilityImpact = value;
459 }
460
461 @Override
462 public String toString() {
463 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
464 }
465
466
467
468
469 @MetaschemaAssembly(
470 formalName = "Information Type Categorization",
471 description = "A set of information type identifiers qualified by the given identification `system` used, such as NIST SP 800-60.",
472 name = "categorization",
473 metaschema = OscalSspMetaschema.class
474 )
475 public static class Categorization {
476 @BoundFlag(
477 formalName = "Information Type Identification System",
478 description = "Specifies the information type identification system used.",
479 useName = "system",
480 required = true,
481 typeAdapter = UriAdapter.class,
482 remarks = "This value must be an [absolute URI](https://pages.nist.gov/OSCAL/concepts/uri-use/#absolute-uri) that serves as a [naming system identifier](https://pages.nist.gov/OSCAL/concepts/uri-use/#use-as-a-naming-system-identifier)."
483 )
484 @ValueConstraints(
485 allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = @AllowedValue(value = "http://doi.org/10.6028/NIST.SP.800-60v2r1", description = "Based on the section identifiers in NIST [Special Publication 800-60 Volume II Revision 1](https://doi.org/10.6028/NIST.SP.800-60v2r1)."))
486 )
487 private URI _system;
488
489
490
491
492 @BoundField(
493 formalName = "Information Type Systematized Identifier",
494 description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier qualified by the given identification `system` used, such as NIST SP 800-60. This identifier has [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope and can be used to reference this system elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). This id should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
495 useName = "information-type-id",
496 maxOccurs = -1
497 )
498 @GroupAs(
499 name = "information-type-ids",
500 inJson = JsonGroupAsBehavior.LIST
501 )
502 private List<String> _informationTypeIds;
503
504 public Categorization() {
505 }
506
507 public URI getSystem() {
508 return _system;
509 }
510
511 public void setSystem(URI value) {
512 _system = value;
513 }
514
515 public List<String> getInformationTypeIds() {
516 return _informationTypeIds;
517 }
518
519 public void setInformationTypeIds(List<String> value) {
520 _informationTypeIds = value;
521 }
522
523
524
525
526
527
528 public boolean addInformationTypeId(String item) {
529 String value = ObjectUtils.requireNonNull(item,"item cannot be null");
530 if (_informationTypeIds == null) {
531 _informationTypeIds = new LinkedList<>();
532 }
533 return _informationTypeIds.add(value);
534 }
535
536
537
538
539
540
541 public boolean removeInformationTypeId(String item) {
542 String value = ObjectUtils.requireNonNull(item,"item cannot be null");
543 return _informationTypeIds == null ? false : _informationTypeIds.remove(value);
544 }
545
546 @Override
547 public String toString() {
548 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
549 }
550 }
551 }
552 }