Package dev.metaschema.oscal.lib.model

Class Risk

java.lang.Object
dev.metaschema.oscal.lib.model.Risk
All Implemented Interfaces:
dev.metaschema.core.model.IBoundObject
@MetaschemaAssembly(formalName="Identified Risk", description="An identified risk.", name="risk", moduleClass=OscalAssessmentCommonModule.class, valueConstraints=@ValueConstraints(allowedValues=@AllowedValues(id="oscal-risk-prop-name-values",level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\')]/@name",values={@AllowedValue(value="false-positive",description="The risk has been confirmed to be a false positive."),@AllowedValue(value="accepted",description="The risk has been accepted. No further action will be taken."),@AllowedValue(value="risk-adjusted",description="The risk has been adjusted."),@AllowedValue(value="priority",description="A numeric value indicating the sequence in which risks should be addressed. (Lower numbers are higher priority)")}),matches=@Matches(id="oscal-risk-priority-datatype",level=ERROR,target="prop[has-oscal-namespace(\'http://csrc.nist.gov/ns/oscal\') and @name=\'priority\']/@value",typeAdapter=dev.metaschema.core.datatype.adapter.IntegerAdapter.class))) public class Risk extends Object implements dev.metaschema.core.model.IBoundObject
An identified risk.

  • Constructor Details

    • Risk

      public Risk()
      Constructs a new dev.metaschema.oscal.lib.model.Risk instance with no metadata.

    • Risk

      public Risk(dev.metaschema.core.model.IMetaschemaData data)
      Constructs a new dev.metaschema.oscal.lib.model.Risk instance with the specified metadata.
      Parameters:
      data - the metaschema data, or null if none

  • Method Details

    • getMetaschemaData

      public dev.metaschema.core.model.IMetaschemaData getMetaschemaData()
      Specified by:
      getMetaschemaData in interface dev.metaschema.core.model.IBoundObject

    • getUuid

      @NonNull public UUID getUuid()
      Get the "Risk Universally Unique Identifier".

      A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

      Returns:
      the uuid value

    • setUuid

      public void setUuid(@NonNull UUID value)
      Set the "Risk Universally Unique Identifier".

      A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this risk elsewhere in this or other OSCAL instances. The locally defined UUID of the risk can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.

      Parameters:
      value - the uuid value to set

    • getTitle

      @NonNull public dev.metaschema.core.datatype.markup.MarkupLine getTitle()
      Get the "Risk Title".

      The title for this risk.

      Returns:
      the title value

    • setTitle

      public void setTitle(@NonNull dev.metaschema.core.datatype.markup.MarkupLine value)
      Set the "Risk Title".

      The title for this risk.

      Parameters:
      value - the title value to set

    • getDescription

      @NonNull public dev.metaschema.core.datatype.markup.MarkupMultiline getDescription()
      Get the "Risk Description".

      A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.

      Returns:
      the description value

    • setDescription

      public void setDescription(@NonNull dev.metaschema.core.datatype.markup.MarkupMultiline value)
      Set the "Risk Description".

      A human-readable summary of the identified risk, to include a statement of how the risk impacts the system.

      Parameters:
      value - the description value to set

    • getStatement

      @NonNull public dev.metaschema.core.datatype.markup.MarkupMultiline getStatement()
      Get the "Risk Statement".

      An summary of impact for how the risk affects the system.

      Returns:
      the statement value

    • setStatement

      public void setStatement(@NonNull dev.metaschema.core.datatype.markup.MarkupMultiline value)
      Set the "Risk Statement".

      An summary of impact for how the risk affects the system.

      Parameters:
      value - the statement value to set

    • getProps

      @NonNull public List<Property> getProps()
      Get the "Property".

      An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.

      Returns:
      the prop value

    • setProps

      public void setProps(@NonNull List<Property> value)
      Set the "Property".

      An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.

      Parameters:
      value - the prop value to set

    • addProp

      public boolean addProp(Property item)
      Add a new Property item to the underlying collection.
      Parameters:
      item - the item to add
      Returns:
      true

    • removeProp

      public boolean removeProp(Property item)
      Remove the first matching Property item from the underlying collection.
      Parameters:
      item - the item to remove
      Returns:
      true if the item was removed or false otherwise

    • getLinks

      @NonNull public List<Link> getLinks()
      Get the "Link".

      A reference to a local or remote resource, that has a specific relation to the containing object.

      Returns:
      the link value

    • setLinks

      public void setLinks(@NonNull List<Link> value)
      Set the "Link".

      A reference to a local or remote resource, that has a specific relation to the containing object.

      Parameters:
      value - the link value to set

    • addLink

      public boolean addLink(Link item)
      Add a new Link item to the underlying collection.
      Parameters:
      item - the item to add
      Returns:
      true

    • removeLink

      public boolean removeLink(Link item)
      Remove the first matching Link item from the underlying collection.
      Parameters:
      item - the item to remove
      Returns:
      true if the item was removed or false otherwise

    • getStatus

      @NonNull public String getStatus()
      Get the "Risk Status".

      Describes the status of the associated risk.

      Returns:
      the status value

    • setStatus

      public void setStatus(@NonNull String value)
      Set the "Risk Status".

      Describes the status of the associated risk.

      Parameters:
      value - the status value to set

    • getOrigins

      @NonNull public List<Origin> getOrigins()
      Get the "Origin".

      Identifies the source of the finding, such as a tool, interviewed person, or activity.

      Returns:
      the origin value

    • setOrigins

      public void setOrigins(@NonNull List<Origin> value)
      Set the "Origin".

      Identifies the source of the finding, such as a tool, interviewed person, or activity.

      Parameters:
      value - the origin value to set

    • addOrigin

      public boolean addOrigin(Origin item)
      Add a new Origin item to the underlying collection.
      Parameters:
      item - the item to add
      Returns:
      true

    • removeOrigin

      public boolean removeOrigin(Origin item)
      Remove the first matching Origin item from the underlying collection.
      Parameters:
      item - the item to remove
      Returns:
      true if the item was removed or false otherwise

    • getThreatIds

      @NonNull public List<ThreatId> getThreatIds()
      Get the "Threat ID".

      A pointer, by ID, to an externally-defined threat.

      Returns:
      the threat-id value

    • setThreatIds

      public void setThreatIds(@NonNull List<ThreatId> value)
      Set the "Threat ID".

      A pointer, by ID, to an externally-defined threat.

      Parameters:
      value - the threat-id value to set

    • addThreatId

      public boolean addThreatId(ThreatId item)
      Add a new ThreatId item to the underlying collection.
      Parameters:
      item - the item to add
      Returns:
      true

    • removeThreatId

      public boolean removeThreatId(ThreatId item)
      Remove the first matching ThreatId item from the underlying collection.
      Parameters:
      item - the item to remove
      Returns:
      true if the item was removed or false otherwise

    • getCharacterizations

      @NonNull public List<Characterization> getCharacterizations()
      Get the "Characterization".

      A collection of descriptive data about the containing object from a specific origin.

      Returns:
      the characterization value

    • setCharacterizations

      public void setCharacterizations(@NonNull List<Characterization> value)
      Set the "Characterization".

      A collection of descriptive data about the containing object from a specific origin.

      Parameters:
      value - the characterization value to set

    • addCharacterization

      public boolean addCharacterization(Characterization item)
      Add a new Characterization item to the underlying collection.
      Parameters:
      item - the item to add
      Returns:
      true

    • removeCharacterization

      public boolean removeCharacterization(Characterization item)
      Remove the first matching Characterization item from the underlying collection.
      Parameters:
      item - the item to remove
      Returns:
      true if the item was removed or false otherwise

    • getMitigatingFactors

      @NonNull public List<Risk.MitigatingFactor> getMitigatingFactors()
      Get the "Mitigating Factor".

      Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.

      Returns:
      the mitigating-factor value

    • setMitigatingFactors

      public void setMitigatingFactors(@NonNull List<Risk.MitigatingFactor> value)
      Set the "Mitigating Factor".

      Describes an existing mitigating factor that may affect the overall determination of the risk, with an optional link to an implementation statement in the SSP.

      Parameters:
      value - the mitigating-factor value to set

    • addMitigatingFactor

      public boolean addMitigatingFactor(Risk.MitigatingFactor item)
      Add a new Risk.MitigatingFactor item to the underlying collection.
      Parameters:
      item - the item to add
      Returns:
      true

    • removeMitigatingFactor

      public boolean removeMitigatingFactor(Risk.MitigatingFactor item)
      Remove the first matching Risk.MitigatingFactor item from the underlying collection.
      Parameters:
      item - the item to remove
      Returns:
      true if the item was removed or false otherwise

    • getDeadline

      @Nullable public ZonedDateTime getDeadline()
      Get the "Risk Resolution Deadline".

      The date/time by which the risk must be resolved.

      Returns:
      the deadline value, or null if not set

    • setDeadline

      public void setDeadline(@Nullable ZonedDateTime value)
      Set the "Risk Resolution Deadline".

      The date/time by which the risk must be resolved.

      Parameters:
      value - the deadline value to set, or null to clear

    • getRemediations

      @NonNull public List<Response> getRemediations()
      Get the "Risk Response".

      Describes either recommended or an actual plan for addressing the risk.

      Returns:
      the response value

    • setRemediations

      public void setRemediations(@NonNull List<Response> value)
      Set the "Risk Response".

      Describes either recommended or an actual plan for addressing the risk.

      Parameters:
      value - the response value to set

    • addResponse

      public boolean addResponse(Response item)
      Add a new Response item to the underlying collection.
      Parameters:
      item - the item to add
      Returns:
      true

    • removeResponse

      public boolean removeResponse(Response item)
      Remove the first matching Response item from the underlying collection.
      Parameters:
      item - the item to remove
      Returns:
      true if the item was removed or false otherwise

    • getRiskLog

      @Nullable public Risk.RiskLog getRiskLog()
      Get the "Risk Log".

      A log of all risk-related tasks taken.

      Returns:
      the risk-log value, or null if not set

    • setRiskLog

      public void setRiskLog(@Nullable Risk.RiskLog value)
      Set the "Risk Log".

      A log of all risk-related tasks taken.

      Parameters:
      value - the risk-log value to set, or null to clear

    • getRelatedObservations

      @NonNull public List<Risk.RelatedObservation> getRelatedObservations()
      Get the "Related Observation".

      Relates the finding to a set of referenced observations that were used to determine the finding.

      Returns:
      the related-observation value

    • setRelatedObservations

      public void setRelatedObservations(@NonNull List<Risk.RelatedObservation> value)
      Set the "Related Observation".

      Relates the finding to a set of referenced observations that were used to determine the finding.

      Parameters:
      value - the related-observation value to set

    • addRelatedObservation

      public boolean addRelatedObservation(Risk.RelatedObservation item)
      Add a new Risk.RelatedObservation item to the underlying collection.
      Parameters:
      item - the item to add
      Returns:
      true

    • removeRelatedObservation

      public boolean removeRelatedObservation(Risk.RelatedObservation item)
      Remove the first matching Risk.RelatedObservation item from the underlying collection.
      Parameters:
      item - the item to remove
      Returns:
      true if the item was removed or false otherwise

    • toString

      public String toString()
      Overrides:
      toString in class Object