001package gov.nist.secauto.oscal.lib.model; 002 003import gov.nist.secauto.metaschema.core.datatype.adapter.UuidAdapter; 004import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultiline; 005import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultilineAdapter; 006import gov.nist.secauto.metaschema.core.model.IBoundObject; 007import gov.nist.secauto.metaschema.core.model.IMetaschemaData; 008import gov.nist.secauto.metaschema.core.model.JsonGroupAsBehavior; 009import gov.nist.secauto.metaschema.core.model.constraint.IConstraint; 010import gov.nist.secauto.metaschema.core.util.ObjectUtils; 011import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValue; 012import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValues; 013import gov.nist.secauto.metaschema.databind.model.annotations.AssemblyConstraints; 014import gov.nist.secauto.metaschema.databind.model.annotations.BoundAssembly; 015import gov.nist.secauto.metaschema.databind.model.annotations.BoundField; 016import gov.nist.secauto.metaschema.databind.model.annotations.BoundFlag; 017import gov.nist.secauto.metaschema.databind.model.annotations.GroupAs; 018import gov.nist.secauto.metaschema.databind.model.annotations.Index; 019import gov.nist.secauto.metaschema.databind.model.annotations.IsUnique; 020import gov.nist.secauto.metaschema.databind.model.annotations.KeyField; 021import gov.nist.secauto.metaschema.databind.model.annotations.Let; 022import gov.nist.secauto.metaschema.databind.model.annotations.MetaschemaAssembly; 023import gov.nist.secauto.metaschema.databind.model.annotations.ValueConstraints; 024import java.lang.Override; 025import java.lang.String; 026import java.util.LinkedList; 027import java.util.List; 028import java.util.UUID; 029import org.apache.commons.lang3.builder.ReflectionToStringBuilder; 030import org.apache.commons.lang3.builder.ToStringStyle; 031 032/** 033 * An assessment plan, such as those provided by a FedRAMP assessor. 034 */ 035@MetaschemaAssembly( 036 formalName = "Security Assessment Plan (SAP)", 037 description = "An assessment plan, such as those provided by a FedRAMP assessor.", 038 name = "assessment-plan", 039 moduleClass = OscalApModule.class, 040 rootName = "assessment-plan", 041 valueConstraints = @ValueConstraints(lets = @Let(name = "all-imports", target = "recurse-depth('.[import-ssp]/doc(resolve-uri(Q{http://csrc.nist.gov/ns/oscal/1.0}resolve-reference(import-ssp/@href)))/system-security-plan|.[import-profile]/resolve-profile(doc(resolve-uri(Q{http://csrc.nist.gov/ns/oscal/1.0}resolve-reference(import-profile/@href))))/catalog')")), 042 modelConstraints = @AssemblyConstraints(index = {@Index(id = "oscal-ap-index-metadata-scoped-role-id", formalName = "In-Scope Role Identifiers", description = "An index of role identifiers that are in-scope for the assessment-plan model. Roles are collected from imported system-securtity-plans, which in turn includes referenced profiles and catalogs. For a given role @id, a locally declared role takes precedence over a role that is imported, the role that was last imported.", level = IConstraint.Level.ERROR, target = "map:merge($all-imports/metadata/role ! map:entry(@id,.))?*", name = "index-imports-metadata-role-id", keyFields = @KeyField(target = "@id")), @Index(id = "oscal-ap-index-metadata-scoped-location-uuid", level = IConstraint.Level.ERROR, target = "map:merge($all-imports/metadata/location ! map:entry(@uuid,.))?*", name = "index-imports-metadata-location-uuid", keyFields = @KeyField(target = "@uuid")), @Index(id = "oscal-ap-index-metadata-scoped-party-uuid", level = IConstraint.Level.ERROR, target = "map:merge($all-imports/metadata/party ! map:entry(@uuid,.))?*", name = "index-imports-metadata-party-uuid", keyFields = @KeyField(target = "@uuid")), @Index(id = "oscal-ap-index-metadata-scoped-party-organization-uuid", level = IConstraint.Level.ERROR, target = "map:merge($all-imports/metadata/party[@type='organization'] ! map:entry(@uuid,.))?*", name = "index-imports-metadata-party-organization-uuid", keyFields = @KeyField(target = "@uuid")), @Index(id = "oscal-ap-index-metadata-scoped-property-uuid", level = IConstraint.Level.ERROR, target = "map:merge($all-imports//prop[@uuid] ! map:entry(@uuid,.))?*", name = "index-imports-metadata-property-uuid", keyFields = @KeyField(target = "@uuid"))}, unique = {@IsUnique(id = "oscal-unique-document-id", formalName = "Unique Document Identifier", description = "Ensure all document identifiers have a unique combination of @scheme and value.", level = IConstraint.Level.ERROR, target = "document-id", keyFields = {@KeyField(target = "@scheme"), @KeyField}), @IsUnique(id = "oscal-unique-property-in-context-location", formalName = "Unique Properties", description = "Ensure all properties are unique for a given location using a unique combination of @ns, @name, @class. @group. and @value.", level = IConstraint.Level.ERROR, target = ".//prop", keyFields = {@KeyField(target = "path(..)"), @KeyField(target = "@name"), @KeyField(target = "@ns"), @KeyField(target = "@class"), @KeyField(target = "@group"), @KeyField(target = "@value")}), @IsUnique(id = "oscal-unique-link-in-context-location", formalName = "Unique Links", description = "Ensure all links are unique for a given location using a unique combination of @href, @rel, and @media-type.", level = IConstraint.Level.ERROR, target = ".//link", keyFields = {@KeyField(target = "path(..)"), @KeyField(target = "@href"), @KeyField(target = "@rel"), @KeyField(target = "@media-type")}), @IsUnique(id = "oscal-unique-responsibility-in-context-location", formalName = "Unique Responsibilities", description = "Ensure all responsible-roles and responsible-parties are unique for a given location using a unique combination of @role-id and the combination of @party-uuid values.", level = IConstraint.Level.ERROR, target = ".//(responsible-party|responsible-role)", keyFields = {@KeyField(target = "path(..)"), @KeyField(target = "@role-id"), @KeyField(target = "@party-uuid")}, remarks = "Since `responsible-party` and `responsible-role` associate multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once.")}) 043) 044public class AssessmentPlan extends AbstractOscalInstance implements IBoundObject { 045 private final IMetaschemaData __metaschemaData; 046 047 /** 048 * "A <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented\">machine-oriented</a>, <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique\">globally unique</a> identifier with <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance\">cross-instance</a> scope that can be used to reference this assessment plan in <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#ap-identifiers\">this or other OSCAL instances</a>. The locally defined <em>UUID</em> of the <code>assessment plan</code> can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency\">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document." 049 */ 050 @BoundFlag( 051 formalName = "Assessment Plan Universally Unique Identifier", 052 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this assessment plan in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ap-identifiers). The locally defined *UUID* of the `assessment plan` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.", 053 name = "uuid", 054 required = true, 055 typeAdapter = UuidAdapter.class 056 ) 057 private UUID _uuid; 058 059 @BoundAssembly( 060 formalName = "Document Metadata", 061 description = "Provides information about the containing document, and defines concepts that are shared across the document.", 062 useName = "metadata", 063 minOccurs = 1 064 ) 065 private Metadata _metadata; 066 067 @BoundAssembly( 068 formalName = "Import System Security Plan", 069 description = "Used by the assessment plan and POA\\&M to import information about the system.", 070 useName = "import-ssp", 071 remarks = "Used by the SAP to import information about the system being assessed.", 072 minOccurs = 1 073 ) 074 private ImportSsp _importSsp; 075 076 @BoundAssembly( 077 formalName = "Local Definitions", 078 description = "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", 079 useName = "local-definitions" 080 ) 081 private LocalDefinitions _localDefinitions; 082 083 @BoundAssembly( 084 formalName = "Assessment Plan Terms and Conditions", 085 description = "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.", 086 useName = "terms-and-conditions" 087 ) 088 private TermsAndConditions _termsAndConditions; 089 090 @BoundAssembly( 091 formalName = "Reviewed Controls and Control Objectives", 092 description = "Identifies the controls being assessed and their control objectives.", 093 useName = "reviewed-controls", 094 minOccurs = 1 095 ) 096 private ReviewedControls _reviewedControls; 097 098 @BoundAssembly( 099 formalName = "Subject of Assessment", 100 description = "Identifies system elements being assessed, such as components, inventory items, and locations. In the assessment plan, this identifies a planned assessment subject. In the assessment results this is an actual assessment subject, and reflects any changes from the plan. exactly what will be the focus of this assessment. Any subjects not identified in this way are out-of-scope.", 101 useName = "assessment-subject", 102 maxOccurs = -1, 103 groupAs = @GroupAs(name = "assessment-subjects", inJson = JsonGroupAsBehavior.LIST) 104 ) 105 private List<AssessmentSubject> _assessmentSubjects; 106 107 @BoundAssembly( 108 formalName = "Assessment Assets", 109 description = "Identifies the assets used to perform this assessment, such as the assessment team, scanning tools, and assumptions.", 110 useName = "assessment-assets" 111 ) 112 private AssessmentAssets _assessmentAssets; 113 114 @BoundAssembly( 115 formalName = "Task", 116 description = "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.", 117 useName = "task", 118 maxOccurs = -1, 119 groupAs = @GroupAs(name = "tasks", inJson = JsonGroupAsBehavior.LIST) 120 ) 121 private List<Task> _tasks; 122 123 @BoundAssembly( 124 formalName = "Back matter", 125 description = "A collection of resources that may be referenced from within the OSCAL document instance.", 126 useName = "back-matter" 127 ) 128 private BackMatter _backMatter; 129 130 public AssessmentPlan() { 131 this(null); 132 } 133 134 public AssessmentPlan(IMetaschemaData data) { 135 this.__metaschemaData = data; 136 } 137 138 @Override 139 public IMetaschemaData getMetaschemaData() { 140 return __metaschemaData; 141 } 142 143 public UUID getUuid() { 144 return _uuid; 145 } 146 147 public void setUuid(UUID value) { 148 _uuid = value; 149 } 150 151 public Metadata getMetadata() { 152 return _metadata; 153 } 154 155 public void setMetadata(Metadata value) { 156 _metadata = value; 157 } 158 159 public ImportSsp getImportSsp() { 160 return _importSsp; 161 } 162 163 public void setImportSsp(ImportSsp value) { 164 _importSsp = value; 165 } 166 167 public LocalDefinitions getLocalDefinitions() { 168 return _localDefinitions; 169 } 170 171 public void setLocalDefinitions(LocalDefinitions value) { 172 _localDefinitions = value; 173 } 174 175 public TermsAndConditions getTermsAndConditions() { 176 return _termsAndConditions; 177 } 178 179 public void setTermsAndConditions(TermsAndConditions value) { 180 _termsAndConditions = value; 181 } 182 183 public ReviewedControls getReviewedControls() { 184 return _reviewedControls; 185 } 186 187 public void setReviewedControls(ReviewedControls value) { 188 _reviewedControls = value; 189 } 190 191 public List<AssessmentSubject> getAssessmentSubjects() { 192 return _assessmentSubjects; 193 } 194 195 public void setAssessmentSubjects(List<AssessmentSubject> value) { 196 _assessmentSubjects = value; 197 } 198 199 /** 200 * Add a new {@link AssessmentSubject} item to the underlying collection. 201 * @param item the item to add 202 * @return {@code true} 203 */ 204 public boolean addAssessmentSubject(AssessmentSubject item) { 205 AssessmentSubject value = ObjectUtils.requireNonNull(item,"item cannot be null"); 206 if (_assessmentSubjects == null) { 207 _assessmentSubjects = new LinkedList<>(); 208 } 209 return _assessmentSubjects.add(value); 210 } 211 212 /** 213 * Remove the first matching {@link AssessmentSubject} item from the underlying collection. 214 * @param item the item to remove 215 * @return {@code true} if the item was removed or {@code false} otherwise 216 */ 217 public boolean removeAssessmentSubject(AssessmentSubject item) { 218 AssessmentSubject value = ObjectUtils.requireNonNull(item,"item cannot be null"); 219 return _assessmentSubjects != null && _assessmentSubjects.remove(value); 220 } 221 222 public AssessmentAssets getAssessmentAssets() { 223 return _assessmentAssets; 224 } 225 226 public void setAssessmentAssets(AssessmentAssets value) { 227 _assessmentAssets = value; 228 } 229 230 public List<Task> getTasks() { 231 return _tasks; 232 } 233 234 public void setTasks(List<Task> value) { 235 _tasks = value; 236 } 237 238 /** 239 * Add a new {@link Task} item to the underlying collection. 240 * @param item the item to add 241 * @return {@code true} 242 */ 243 public boolean addTask(Task item) { 244 Task value = ObjectUtils.requireNonNull(item,"item cannot be null"); 245 if (_tasks == null) { 246 _tasks = new LinkedList<>(); 247 } 248 return _tasks.add(value); 249 } 250 251 /** 252 * Remove the first matching {@link Task} item from the underlying collection. 253 * @param item the item to remove 254 * @return {@code true} if the item was removed or {@code false} otherwise 255 */ 256 public boolean removeTask(Task item) { 257 Task value = ObjectUtils.requireNonNull(item,"item cannot be null"); 258 return _tasks != null && _tasks.remove(value); 259 } 260 261 public BackMatter getBackMatter() { 262 return _backMatter; 263 } 264 265 public void setBackMatter(BackMatter value) { 266 _backMatter = value; 267 } 268 269 @Override 270 public String toString() { 271 return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString(); 272 } 273 274 /** 275 * Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP. 276 */ 277 @MetaschemaAssembly( 278 formalName = "Local Definitions", 279 description = "Used to define data objects that are used in the assessment plan, that do not appear in the referenced SSP.", 280 name = "local-definitions", 281 moduleClass = OscalApModule.class, 282 modelConstraints = @AssemblyConstraints(unique = {@IsUnique(id = "unique-ap-local-definitions-component", level = IConstraint.Level.ERROR, target = "component", keyFields = @KeyField(target = "@uuid"), remarks = "Since multiple `component` entries can be provided, each component must have a unique `uuid`."), @IsUnique(id = "unique-ap-local-definitions-user", level = IConstraint.Level.ERROR, target = "user", keyFields = @KeyField(target = "@uuid"), remarks = "A given `uuid` must be assigned only once to a user.")}) 283 ) 284 public static class LocalDefinitions implements IBoundObject { 285 private final IMetaschemaData __metaschemaData; 286 287 @BoundAssembly( 288 formalName = "Component", 289 description = "A defined component that can be part of an implemented system.", 290 useName = "component", 291 remarks = "Used to add any components, not defined via the System Security Plan (AR-\\>AP-\\>SSP)", 292 maxOccurs = -1, 293 groupAs = @GroupAs(name = "components", inJson = JsonGroupAsBehavior.LIST) 294 ) 295 private List<SystemComponent> _components; 296 297 @BoundAssembly( 298 formalName = "Inventory Item", 299 description = "A single managed inventory item within the system.", 300 useName = "inventory-item", 301 remarks = "Used to add any inventory-items, not defined via the System Security Plan (AR-\\>AP-\\>SSP)", 302 maxOccurs = -1, 303 groupAs = @GroupAs(name = "inventory-items", inJson = JsonGroupAsBehavior.LIST) 304 ) 305 private List<InventoryItem> _inventoryItems; 306 307 @BoundAssembly( 308 formalName = "System User", 309 description = "A type of user that interacts with the system based on an associated role.", 310 useName = "user", 311 remarks = "Used to add any users, not defined via the System Security Plan (AR-\\>AP-\\>SSP)", 312 maxOccurs = -1, 313 groupAs = @GroupAs(name = "users", inJson = JsonGroupAsBehavior.LIST) 314 ) 315 private List<SystemUser> _users; 316 317 @BoundAssembly( 318 formalName = "Assessment-Specific Control Objective", 319 description = "A local definition of a control objective for this assessment. Uses catalog syntax for control objective and assessment actions.", 320 useName = "objectives-and-methods", 321 maxOccurs = -1, 322 groupAs = @GroupAs(name = "objectives-and-methods", inJson = JsonGroupAsBehavior.LIST) 323 ) 324 private List<LocalObjective> _objectivesAndMethods; 325 326 @BoundAssembly( 327 formalName = "Activity", 328 description = "Identifies an assessment or related process that can be performed. In the assessment plan, this is an intended activity which may be associated with an assessment task. In the assessment results, this an activity that was actually performed as part of an assessment.", 329 useName = "activity", 330 maxOccurs = -1, 331 groupAs = @GroupAs(name = "activities", inJson = JsonGroupAsBehavior.LIST) 332 ) 333 private List<Activity> _activities; 334 335 @BoundField( 336 formalName = "Remarks", 337 description = "Additional commentary about the containing object.", 338 useName = "remarks", 339 typeAdapter = MarkupMultilineAdapter.class 340 ) 341 private MarkupMultiline _remarks; 342 343 public LocalDefinitions() { 344 this(null); 345 } 346 347 public LocalDefinitions(IMetaschemaData data) { 348 this.__metaschemaData = data; 349 } 350 351 @Override 352 public IMetaschemaData getMetaschemaData() { 353 return __metaschemaData; 354 } 355 356 public List<SystemComponent> getComponents() { 357 return _components; 358 } 359 360 public void setComponents(List<SystemComponent> value) { 361 _components = value; 362 } 363 364 /** 365 * Add a new {@link SystemComponent} item to the underlying collection. 366 * @param item the item to add 367 * @return {@code true} 368 */ 369 public boolean addComponent(SystemComponent item) { 370 SystemComponent value = ObjectUtils.requireNonNull(item,"item cannot be null"); 371 if (_components == null) { 372 _components = new LinkedList<>(); 373 } 374 return _components.add(value); 375 } 376 377 /** 378 * Remove the first matching {@link SystemComponent} item from the underlying collection. 379 * @param item the item to remove 380 * @return {@code true} if the item was removed or {@code false} otherwise 381 */ 382 public boolean removeComponent(SystemComponent item) { 383 SystemComponent value = ObjectUtils.requireNonNull(item,"item cannot be null"); 384 return _components != null && _components.remove(value); 385 } 386 387 public List<InventoryItem> getInventoryItems() { 388 return _inventoryItems; 389 } 390 391 public void setInventoryItems(List<InventoryItem> value) { 392 _inventoryItems = value; 393 } 394 395 /** 396 * Add a new {@link InventoryItem} item to the underlying collection. 397 * @param item the item to add 398 * @return {@code true} 399 */ 400 public boolean addInventoryItem(InventoryItem item) { 401 InventoryItem value = ObjectUtils.requireNonNull(item,"item cannot be null"); 402 if (_inventoryItems == null) { 403 _inventoryItems = new LinkedList<>(); 404 } 405 return _inventoryItems.add(value); 406 } 407 408 /** 409 * Remove the first matching {@link InventoryItem} item from the underlying collection. 410 * @param item the item to remove 411 * @return {@code true} if the item was removed or {@code false} otherwise 412 */ 413 public boolean removeInventoryItem(InventoryItem item) { 414 InventoryItem value = ObjectUtils.requireNonNull(item,"item cannot be null"); 415 return _inventoryItems != null && _inventoryItems.remove(value); 416 } 417 418 public List<SystemUser> getUsers() { 419 return _users; 420 } 421 422 public void setUsers(List<SystemUser> value) { 423 _users = value; 424 } 425 426 /** 427 * Add a new {@link SystemUser} item to the underlying collection. 428 * @param item the item to add 429 * @return {@code true} 430 */ 431 public boolean addUser(SystemUser item) { 432 SystemUser value = ObjectUtils.requireNonNull(item,"item cannot be null"); 433 if (_users == null) { 434 _users = new LinkedList<>(); 435 } 436 return _users.add(value); 437 } 438 439 /** 440 * Remove the first matching {@link SystemUser} item from the underlying collection. 441 * @param item the item to remove 442 * @return {@code true} if the item was removed or {@code false} otherwise 443 */ 444 public boolean removeUser(SystemUser item) { 445 SystemUser value = ObjectUtils.requireNonNull(item,"item cannot be null"); 446 return _users != null && _users.remove(value); 447 } 448 449 public List<LocalObjective> getObjectivesAndMethods() { 450 return _objectivesAndMethods; 451 } 452 453 public void setObjectivesAndMethods(List<LocalObjective> value) { 454 _objectivesAndMethods = value; 455 } 456 457 /** 458 * Add a new {@link LocalObjective} item to the underlying collection. 459 * @param item the item to add 460 * @return {@code true} 461 */ 462 public boolean addObjectivesAndMethods(LocalObjective item) { 463 LocalObjective value = ObjectUtils.requireNonNull(item,"item cannot be null"); 464 if (_objectivesAndMethods == null) { 465 _objectivesAndMethods = new LinkedList<>(); 466 } 467 return _objectivesAndMethods.add(value); 468 } 469 470 /** 471 * Remove the first matching {@link LocalObjective} item from the underlying collection. 472 * @param item the item to remove 473 * @return {@code true} if the item was removed or {@code false} otherwise 474 */ 475 public boolean removeObjectivesAndMethods(LocalObjective item) { 476 LocalObjective value = ObjectUtils.requireNonNull(item,"item cannot be null"); 477 return _objectivesAndMethods != null && _objectivesAndMethods.remove(value); 478 } 479 480 public List<Activity> getActivities() { 481 return _activities; 482 } 483 484 public void setActivities(List<Activity> value) { 485 _activities = value; 486 } 487 488 /** 489 * Add a new {@link Activity} item to the underlying collection. 490 * @param item the item to add 491 * @return {@code true} 492 */ 493 public boolean addActivity(Activity item) { 494 Activity value = ObjectUtils.requireNonNull(item,"item cannot be null"); 495 if (_activities == null) { 496 _activities = new LinkedList<>(); 497 } 498 return _activities.add(value); 499 } 500 501 /** 502 * Remove the first matching {@link Activity} item from the underlying collection. 503 * @param item the item to remove 504 * @return {@code true} if the item was removed or {@code false} otherwise 505 */ 506 public boolean removeActivity(Activity item) { 507 Activity value = ObjectUtils.requireNonNull(item,"item cannot be null"); 508 return _activities != null && _activities.remove(value); 509 } 510 511 public MarkupMultiline getRemarks() { 512 return _remarks; 513 } 514 515 public void setRemarks(MarkupMultiline value) { 516 _remarks = value; 517 } 518 519 @Override 520 public String toString() { 521 return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString(); 522 } 523 } 524 525 /** 526 * Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition. 527 */ 528 @MetaschemaAssembly( 529 formalName = "Assessment Plan Terms and Conditions", 530 description = "Used to define various terms and conditions under which an assessment, described by the plan, can be performed. Each child part defines a different type of term or condition.", 531 name = "terms-and-conditions", 532 moduleClass = OscalApModule.class, 533 valueConstraints = @ValueConstraints(allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, target = "part[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = {@AllowedValue(value = "rules-of-engagement", description = "Defines the circumstances, conditions, degree, and manner in which the use of cyber-attack techniques or actions may be applied to the assessment."), @AllowedValue(value = "disclosures", description = "Any information the assessor should make known to the system owner or authorizing official. Has child 'item' parts for each individual disclosure."), @AllowedValue(value = "assessment-inclusions", description = "Defines any assessment activities which the system owner or authorizing official wishes to ensure are performed as part of the assessment."), @AllowedValue(value = "assessment-exclusions", description = "Defines any assessment activities which the system owner or authorizing official explicitly prohibits from being performed as part of the assessment."), @AllowedValue(value = "results-delivery", description = "Defines conditions related to the delivery of the assessment results, such as when to deliver, how, and to whom."), @AllowedValue(value = "assumptions", description = "Defines any supposition made by the assessor. Has child 'item' parts for each assumption."), @AllowedValue(value = "methodology", description = "An explanation of practices, procedures, and rules used in the course of the assessment.")})) 534 ) 535 public static class TermsAndConditions implements IBoundObject { 536 private final IMetaschemaData __metaschemaData; 537 538 @BoundAssembly( 539 formalName = "Assessment Part", 540 description = "A partition of an assessment plan or results or a child of another part.", 541 useName = "part", 542 maxOccurs = -1, 543 groupAs = @GroupAs(name = "parts", inJson = JsonGroupAsBehavior.LIST) 544 ) 545 private List<AssessmentPart> _parts; 546 547 public TermsAndConditions() { 548 this(null); 549 } 550 551 public TermsAndConditions(IMetaschemaData data) { 552 this.__metaschemaData = data; 553 } 554 555 @Override 556 public IMetaschemaData getMetaschemaData() { 557 return __metaschemaData; 558 } 559 560 public List<AssessmentPart> getParts() { 561 return _parts; 562 } 563 564 public void setParts(List<AssessmentPart> value) { 565 _parts = value; 566 } 567 568 /** 569 * Add a new {@link AssessmentPart} item to the underlying collection. 570 * @param item the item to add 571 * @return {@code true} 572 */ 573 public boolean addPart(AssessmentPart item) { 574 AssessmentPart value = ObjectUtils.requireNonNull(item,"item cannot be null"); 575 if (_parts == null) { 576 _parts = new LinkedList<>(); 577 } 578 return _parts.add(value); 579 } 580 581 /** 582 * Remove the first matching {@link AssessmentPart} item from the underlying collection. 583 * @param item the item to remove 584 * @return {@code true} if the item was removed or {@code false} otherwise 585 */ 586 public boolean removePart(AssessmentPart item) { 587 AssessmentPart value = ObjectUtils.requireNonNull(item,"item cannot be null"); 588 return _parts != null && _parts.remove(value); 589 } 590 591 @Override 592 public String toString() { 593 return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString(); 594 } 595 } 596}