001package gov.nist.secauto.oscal.lib.model; 002 003import gov.nist.secauto.metaschema.core.datatype.adapter.TokenAdapter; 004import gov.nist.secauto.metaschema.core.datatype.adapter.UuidAdapter; 005import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultiline; 006import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultilineAdapter; 007import gov.nist.secauto.metaschema.core.model.IBoundObject; 008import gov.nist.secauto.metaschema.core.model.IMetaschemaData; 009import gov.nist.secauto.metaschema.core.model.JsonGroupAsBehavior; 010import gov.nist.secauto.metaschema.core.model.constraint.IConstraint; 011import gov.nist.secauto.metaschema.core.util.ObjectUtils; 012import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValue; 013import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValues; 014import gov.nist.secauto.metaschema.databind.model.annotations.AssemblyConstraints; 015import gov.nist.secauto.metaschema.databind.model.annotations.BoundAssembly; 016import gov.nist.secauto.metaschema.databind.model.annotations.BoundField; 017import gov.nist.secauto.metaschema.databind.model.annotations.BoundFlag; 018import gov.nist.secauto.metaschema.databind.model.annotations.GroupAs; 019import gov.nist.secauto.metaschema.databind.model.annotations.HasCardinality; 020import gov.nist.secauto.metaschema.databind.model.annotations.IndexHasKey; 021import gov.nist.secauto.metaschema.databind.model.annotations.IsUnique; 022import gov.nist.secauto.metaschema.databind.model.annotations.KeyField; 023import gov.nist.secauto.metaschema.databind.model.annotations.MetaschemaAssembly; 024import gov.nist.secauto.metaschema.databind.model.annotations.ValueConstraints; 025import java.lang.Override; 026import java.lang.String; 027import java.util.LinkedList; 028import java.util.List; 029import java.util.UUID; 030import org.apache.commons.lang3.builder.ReflectionToStringBuilder; 031import org.apache.commons.lang3.builder.ToStringStyle; 032 033/** 034 * Describes how the system satisfies the requirements of an individual control. 035 */ 036@MetaschemaAssembly( 037 formalName = "Control-based Requirement", 038 description = "Describes how the system satisfies the requirements of an individual control.", 039 name = "implemented-requirement", 040 moduleClass = OscalSspModule.class, 041 remarks = "Use of `set-parameter` in this context, sets the parameter for the referenced control. Any `set-parameter` defined in a child context will override this value. If not overridden by a child, this value applies in the child context.", 042 valueConstraints = @ValueConstraints(allowedValues = {@AllowedValues(level = IConstraint.Level.ERROR, target = "(.|statement|.//by-component)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "control-origination", description = "Identifies the source of the implemented control. Any `control-origination` prop defined in a child context will override the parent value.")), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.|statement|.//by-component)/prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='control-origination']/@value", values = {@AllowedValue(value = "organization", description = "The control is implemented by the organization owning the system, but is not specific to the system itself."), @AllowedValue(value = "system-specific", description = "The control is implemented specifically to this system."), @AllowedValue(value = "customer-configured", description = "The control is provided by the system, but must be configured by the customer."), @AllowedValue(value = "customer-provided", description = "The control must be implemented by the customer."), @AllowedValue(value = "inherited", description = "This control is inherited from an underlying system.")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "responsible-role/@role-id", allowOthers = true, values = {@AllowedValue(value = "asset-owner", description = "Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."), @AllowedValue(value = "asset-administrator", description = "Responsible for administering a set of assets."), @AllowedValue(value = "security-operations", description = "Members of the security operations center (SOC)."), @AllowedValue(value = "network-operations", description = "Members of the network operations center (NOC)."), @AllowedValue(value = "incident-response", description = "Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions."), @AllowedValue(value = "help-desk", description = "Responsible for providing information and support to users."), @AllowedValue(value = "configuration-management", description = "Responsible for the configuration management processes governing changes to the asset.")})}, indexHasKey = {@IndexHasKey(level = IConstraint.Level.ERROR, target = "responsible-role|statement/responsible-role|.//by-component//responsible-role", indexName = "index-metadata-role-id", keyFields = @KeyField(target = "@role-id")), @IndexHasKey(level = IConstraint.Level.ERROR, target = "responsible-role|statement/responsible-role|.//by-component//responsible-role", indexName = "index-metadata-party-uuid", keyFields = @KeyField(target = "party-uuid"))}), 043 modelConstraints = @AssemblyConstraints(unique = {@IsUnique(id = "unique-ssp-implemented-requirement-set-parameter", level = IConstraint.Level.ERROR, target = "set-parameter", keyFields = @KeyField(target = "@param-id"), remarks = "Since multiple `set-parameter` entries can be provided, each parameter must be set only once."), @IsUnique(id = "unique-ssp-implemented-requirement-responsible-role", level = IConstraint.Level.ERROR, target = "responsible-role", keyFields = @KeyField(target = "@role-id"), remarks = "Since `responsible-role` associates multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once."), @IsUnique(id = "unique-ssp-implemented-requirement-statement", level = IConstraint.Level.ERROR, target = "statement", keyFields = @KeyField(target = "@statement-id"), remarks = "Since `statement` entries can be referenced using the statement's statement-id, each statement must be referenced only once."), @IsUnique(id = "unique-ssp-implemented-requirement-by-component", level = IConstraint.Level.ERROR, target = "by-component", keyFields = @KeyField(target = "@component-uuid"), remarks = "Since `by-component` can reference `component` entries using the component's uuid, each component must be referenced only once. This ensures that all implementation statements are contained in the same `by-component` entry.")}, cardinality = @HasCardinality(level = IConstraint.Level.ERROR, target = ".//by-component", minOccurs = 1)) 044) 045public class ImplementedRequirement implements IBoundObject { 046 private final IMetaschemaData __metaschemaData; 047 048 /** 049 * "A <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented\">machine-oriented</a>, <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique\">globally unique</a> identifier with <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance\">cross-instance</a> scope that can be used to reference this control requirement elsewhere in <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers\">this or other OSCAL instances</a>. The locally defined <em>UUID</em> of the <code>control requirement</code> can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency\">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document." 050 */ 051 @BoundFlag( 052 formalName = "Control Requirement Universally Unique Identifier", 053 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this control requirement elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The locally defined *UUID* of the `control requirement` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.", 054 name = "uuid", 055 required = true, 056 typeAdapter = UuidAdapter.class 057 ) 058 private UUID _uuid; 059 060 /** 061 * "A reference to a control with a corresponding <code>id</code> value. When referencing an externally defined <code>control</code>, the <code>Control Identifier Reference</code> must be used in the context of the external / imported OSCAL instance (e.g., uri-reference)." 062 */ 063 @BoundFlag( 064 formalName = "Control Identifier Reference", 065 description = "A reference to a control with a corresponding `id` value. When referencing an externally defined `control`, the `Control Identifier Reference` must be used in the context of the external / imported OSCAL instance (e.g., uri-reference).", 066 name = "control-id", 067 required = true, 068 typeAdapter = TokenAdapter.class 069 ) 070 private String _controlId; 071 072 @BoundAssembly( 073 formalName = "Property", 074 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.", 075 useName = "prop", 076 maxOccurs = -1, 077 groupAs = @GroupAs(name = "props", inJson = JsonGroupAsBehavior.LIST) 078 ) 079 private List<Property> _props; 080 081 @BoundAssembly( 082 formalName = "Link", 083 description = "A reference to a local or remote resource, that has a specific relation to the containing object.", 084 useName = "link", 085 maxOccurs = -1, 086 groupAs = @GroupAs(name = "links", inJson = JsonGroupAsBehavior.LIST) 087 ) 088 private List<Link> _links; 089 090 @BoundAssembly( 091 formalName = "Set Parameter Value", 092 description = "Identifies the parameter that will be set by the enclosed value.", 093 useName = "set-parameter", 094 maxOccurs = -1, 095 groupAs = @GroupAs(name = "set-parameters", inJson = JsonGroupAsBehavior.LIST) 096 ) 097 private List<SetParameter> _setParameters; 098 099 @BoundAssembly( 100 formalName = "Responsible Role", 101 description = "A reference to a role with responsibility for performing a function relative to the containing object, optionally associated with a set of persons and/or organizations that perform that role.", 102 useName = "responsible-role", 103 maxOccurs = -1, 104 groupAs = @GroupAs(name = "responsible-roles", inJson = JsonGroupAsBehavior.LIST) 105 ) 106 private List<ResponsibleRole> _responsibleRoles; 107 108 @BoundAssembly( 109 formalName = "Specific Control Statement", 110 description = "Identifies which statements within a control are addressed.", 111 useName = "statement", 112 maxOccurs = -1, 113 groupAs = @GroupAs(name = "statements", inJson = JsonGroupAsBehavior.LIST) 114 ) 115 private List<Statement> _statements; 116 117 @BoundAssembly( 118 formalName = "Component Control Implementation", 119 description = "Defines how the referenced component implements a set of controls.", 120 useName = "by-component", 121 maxOccurs = -1, 122 groupAs = @GroupAs(name = "by-components", inJson = JsonGroupAsBehavior.LIST) 123 ) 124 private List<ByComponent> _byComponents; 125 126 @BoundField( 127 formalName = "Remarks", 128 description = "Additional commentary about the containing object.", 129 useName = "remarks", 130 typeAdapter = MarkupMultilineAdapter.class 131 ) 132 private MarkupMultiline _remarks; 133 134 public ImplementedRequirement() { 135 this(null); 136 } 137 138 public ImplementedRequirement(IMetaschemaData data) { 139 this.__metaschemaData = data; 140 } 141 142 @Override 143 public IMetaschemaData getMetaschemaData() { 144 return __metaschemaData; 145 } 146 147 public UUID getUuid() { 148 return _uuid; 149 } 150 151 public void setUuid(UUID value) { 152 _uuid = value; 153 } 154 155 public String getControlId() { 156 return _controlId; 157 } 158 159 public void setControlId(String value) { 160 _controlId = value; 161 } 162 163 public List<Property> getProps() { 164 return _props; 165 } 166 167 public void setProps(List<Property> value) { 168 _props = value; 169 } 170 171 /** 172 * Add a new {@link Property} item to the underlying collection. 173 * @param item the item to add 174 * @return {@code true} 175 */ 176 public boolean addProp(Property item) { 177 Property value = ObjectUtils.requireNonNull(item,"item cannot be null"); 178 if (_props == null) { 179 _props = new LinkedList<>(); 180 } 181 return _props.add(value); 182 } 183 184 /** 185 * Remove the first matching {@link Property} item from the underlying collection. 186 * @param item the item to remove 187 * @return {@code true} if the item was removed or {@code false} otherwise 188 */ 189 public boolean removeProp(Property item) { 190 Property value = ObjectUtils.requireNonNull(item,"item cannot be null"); 191 return _props != null && _props.remove(value); 192 } 193 194 public List<Link> getLinks() { 195 return _links; 196 } 197 198 public void setLinks(List<Link> value) { 199 _links = value; 200 } 201 202 /** 203 * Add a new {@link Link} item to the underlying collection. 204 * @param item the item to add 205 * @return {@code true} 206 */ 207 public boolean addLink(Link item) { 208 Link value = ObjectUtils.requireNonNull(item,"item cannot be null"); 209 if (_links == null) { 210 _links = new LinkedList<>(); 211 } 212 return _links.add(value); 213 } 214 215 /** 216 * Remove the first matching {@link Link} item from the underlying collection. 217 * @param item the item to remove 218 * @return {@code true} if the item was removed or {@code false} otherwise 219 */ 220 public boolean removeLink(Link item) { 221 Link value = ObjectUtils.requireNonNull(item,"item cannot be null"); 222 return _links != null && _links.remove(value); 223 } 224 225 public List<SetParameter> getSetParameters() { 226 return _setParameters; 227 } 228 229 public void setSetParameters(List<SetParameter> value) { 230 _setParameters = value; 231 } 232 233 /** 234 * Add a new {@link SetParameter} item to the underlying collection. 235 * @param item the item to add 236 * @return {@code true} 237 */ 238 public boolean addSetParameter(SetParameter item) { 239 SetParameter value = ObjectUtils.requireNonNull(item,"item cannot be null"); 240 if (_setParameters == null) { 241 _setParameters = new LinkedList<>(); 242 } 243 return _setParameters.add(value); 244 } 245 246 /** 247 * Remove the first matching {@link SetParameter} item from the underlying collection. 248 * @param item the item to remove 249 * @return {@code true} if the item was removed or {@code false} otherwise 250 */ 251 public boolean removeSetParameter(SetParameter item) { 252 SetParameter value = ObjectUtils.requireNonNull(item,"item cannot be null"); 253 return _setParameters != null && _setParameters.remove(value); 254 } 255 256 public List<ResponsibleRole> getResponsibleRoles() { 257 return _responsibleRoles; 258 } 259 260 public void setResponsibleRoles(List<ResponsibleRole> value) { 261 _responsibleRoles = value; 262 } 263 264 /** 265 * Add a new {@link ResponsibleRole} item to the underlying collection. 266 * @param item the item to add 267 * @return {@code true} 268 */ 269 public boolean addResponsibleRole(ResponsibleRole item) { 270 ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null"); 271 if (_responsibleRoles == null) { 272 _responsibleRoles = new LinkedList<>(); 273 } 274 return _responsibleRoles.add(value); 275 } 276 277 /** 278 * Remove the first matching {@link ResponsibleRole} item from the underlying collection. 279 * @param item the item to remove 280 * @return {@code true} if the item was removed or {@code false} otherwise 281 */ 282 public boolean removeResponsibleRole(ResponsibleRole item) { 283 ResponsibleRole value = ObjectUtils.requireNonNull(item,"item cannot be null"); 284 return _responsibleRoles != null && _responsibleRoles.remove(value); 285 } 286 287 public List<Statement> getStatements() { 288 return _statements; 289 } 290 291 public void setStatements(List<Statement> value) { 292 _statements = value; 293 } 294 295 /** 296 * Add a new {@link Statement} item to the underlying collection. 297 * @param item the item to add 298 * @return {@code true} 299 */ 300 public boolean addStatement(Statement item) { 301 Statement value = ObjectUtils.requireNonNull(item,"item cannot be null"); 302 if (_statements == null) { 303 _statements = new LinkedList<>(); 304 } 305 return _statements.add(value); 306 } 307 308 /** 309 * Remove the first matching {@link Statement} item from the underlying collection. 310 * @param item the item to remove 311 * @return {@code true} if the item was removed or {@code false} otherwise 312 */ 313 public boolean removeStatement(Statement item) { 314 Statement value = ObjectUtils.requireNonNull(item,"item cannot be null"); 315 return _statements != null && _statements.remove(value); 316 } 317 318 public List<ByComponent> getByComponents() { 319 return _byComponents; 320 } 321 322 public void setByComponents(List<ByComponent> value) { 323 _byComponents = value; 324 } 325 326 /** 327 * Add a new {@link ByComponent} item to the underlying collection. 328 * @param item the item to add 329 * @return {@code true} 330 */ 331 public boolean addByComponent(ByComponent item) { 332 ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null"); 333 if (_byComponents == null) { 334 _byComponents = new LinkedList<>(); 335 } 336 return _byComponents.add(value); 337 } 338 339 /** 340 * Remove the first matching {@link ByComponent} item from the underlying collection. 341 * @param item the item to remove 342 * @return {@code true} if the item was removed or {@code false} otherwise 343 */ 344 public boolean removeByComponent(ByComponent item) { 345 ByComponent value = ObjectUtils.requireNonNull(item,"item cannot be null"); 346 return _byComponents != null && _byComponents.remove(value); 347 } 348 349 public MarkupMultiline getRemarks() { 350 return _remarks; 351 } 352 353 public void setRemarks(MarkupMultiline value) { 354 _remarks = value; 355 } 356 357 @Override 358 public String toString() { 359 return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString(); 360 } 361}