package gov.nist.secauto.oscal.lib.model;

import gov.nist.secauto.metaschema.core.datatype.adapter.UuidAdapter;
import gov.nist.secauto.metaschema.core.model.IBoundObject;
import gov.nist.secauto.metaschema.core.model.IMetaschemaData;
import gov.nist.secauto.metaschema.core.model.constraint.IConstraint;
import gov.nist.secauto.metaschema.databind.model.annotations.AssemblyConstraints;
import gov.nist.secauto.metaschema.databind.model.annotations.BoundAssembly;
import gov.nist.secauto.metaschema.databind.model.annotations.BoundFlag;
import gov.nist.secauto.metaschema.databind.model.annotations.Index;
import gov.nist.secauto.metaschema.databind.model.annotations.IsUnique;
import gov.nist.secauto.metaschema.databind.model.annotations.KeyField;
import gov.nist.secauto.metaschema.databind.model.annotations.Let;
import gov.nist.secauto.metaschema.databind.model.annotations.MetaschemaAssembly;
import gov.nist.secauto.metaschema.databind.model.annotations.ValueConstraints;
import java.lang.Override;
import java.lang.String;
import java.util.UUID;
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;

/**
 * A system security plan, such as those described in NIST SP 800-18.
 *
 * <p>This class is the Java binding for the OSCAL {@code system-security-plan} root assembly.
 * The annotations declare one required flag ({@code uuid}), five child assemblies declared with
 * {@code minOccurs = 1} (metadata, import-profile, system-characteristics,
 * system-implementation, control-implementation) and one child assembly without a
 * {@code minOccurs} (back-matter), together with the index and uniqueness constraints
 * attached to the assembly.
 *
 * <p>The accessors below are plain getters and setters: they store and return references as-is
 * and perform no validation of their own. The constraints exist only as annotation metadata on
 * this class; nothing in this file evaluates them.
 */
@MetaschemaAssembly(
    formalName = "System Security Plan (SSP)",
    description = "A system security plan, such as those described in NIST SP 800-18.",
    name = "system-security-plan",
    moduleClass = OscalSspModule.class,
    rootName = "system-security-plan",
    // NOTE(review): the "all-imports" binding passes import-profile/@href, a value taken from the
    // document being validated, through resolve-reference, resolve-uri, doc() and resolve-profile.
    // Presumably the constraint engine dereferences that URI when these constraints are
    // evaluated - confirm which schemes, hosts and local paths the resolver permits before
    // validating SSPs received from untrusted sources.
    valueConstraints = @ValueConstraints(lets = @Let(name = "all-imports", target = "resolve-profile(doc(resolve-uri(Q{http://csrc.nist.gov/ns/oscal/1.0}resolve-reference(import-profile/@href))))/catalog")),
    modelConstraints = @AssemblyConstraints(
        index = {
            // NOTE(review): this index target also calls doc() on an href supplied by the document
            // (leveraged-authorization/link[@rel='system-security-plan']/@href); the same resolver
            // question as for "all-imports" applies - confirm.
            @Index(level = IConstraint.Level.ERROR, target = "control-implementation/implemented-requirement//by-component|doc(system-implementation/leveraged-authorization/link[@rel='system-security-plan']/@href)/system-security-plan/control-implementation/implemented-requirement//by-component", name = "by-component-uuid", keyFields = @KeyField(target = "@uuid")),
            // The remaining indexes are all built from the $all-imports binding declared above.
            @Index(id = "oscal-ssp-index-metadata-scoped-role-id", formalName = "In-Scope Role Identifiers", description = "An index of role identifiers that are in-scope for the system-securtity-plan model. Roles are collected from imported profiles and catalogs. For a given role @id, a locally declared role takes precedence over a role that is imported, the role that was last imported.", level = IConstraint.Level.ERROR, target = "map:merge($all-imports/metadata/role ! map:entry(@id,.))?*", name = "index-imports-metadata-role-id", keyFields = @KeyField(target = "@id")),
            @Index(id = "oscal-ssp-index-metadata-scoped-location-uuid", level = IConstraint.Level.ERROR, target = "map:merge($all-imports/metadata/location ! map:entry(@uuid,.))?*", name = "index-imports-metadata-location-uuid", keyFields = @KeyField(target = "@uuid")),
            @Index(id = "oscal-ssp-index-metadata-scoped-party-uuid", level = IConstraint.Level.ERROR, target = "map:merge($all-imports/metadata/party ! map:entry(@uuid,.))?*", name = "index-imports-metadata-party-uuid", keyFields = @KeyField(target = "@uuid")),
            @Index(id = "oscal-ssp-index-metadata-scoped-party-organization-uuid", level = IConstraint.Level.ERROR, target = "map:merge($all-imports/metadata/party[@type='organization'] ! map:entry(@uuid,.))?*", name = "index-imports-metadata-party-organization-uuid", keyFields = @KeyField(target = "@uuid")),
            @Index(id = "oscal-ssp-index-metadata-scoped-property-uuid", level = IConstraint.Level.ERROR, target = "map:merge($all-imports//prop[@uuid] ! map:entry(@uuid,.))?*", name = "index-imports-metadata-property-uuid", keyFields = @KeyField(target = "@uuid"))},
        unique = {
            @IsUnique(id = "oscal-unique-document-id", formalName = "Unique Document Identifier", description = "Ensure all document identifiers have a unique combination of @scheme and value.", level = IConstraint.Level.ERROR, target = "document-id", keyFields = {@KeyField(target = "@scheme"), @KeyField}),
            @IsUnique(id = "oscal-unique-property-in-context-location", formalName = "Unique Properties", description = "Ensure all properties are unique for a given location using a unique combination of @ns, @name, @class. @group. and @value.", level = IConstraint.Level.ERROR, target = ".//prop", keyFields = {@KeyField(target = "path(..)"), @KeyField(target = "@name"), @KeyField(target = "@ns"), @KeyField(target = "@class"), @KeyField(target = "@group"), @KeyField(target = "@value")}),
            @IsUnique(id = "oscal-unique-link-in-context-location", formalName = "Unique Links", description = "Ensure all links are unique for a given location using a unique combination of @href, @rel, and @media-type.", level = IConstraint.Level.ERROR, target = ".//link", keyFields = {@KeyField(target = "path(..)"), @KeyField(target = "@href"), @KeyField(target = "@rel"), @KeyField(target = "@media-type")}),
            @IsUnique(id = "oscal-unique-responsibility-in-context-location", formalName = "Unique Responsibilities", description = "Ensure all responsible-roles and responsible-parties are unique for a given location using a unique combination of @role-id and the combination of @party-uuid values.", level = IConstraint.Level.ERROR, target = ".//(responsible-party|responsible-role)", keyFields = {@KeyField(target = "path(..)"), @KeyField(target = "@role-id"), @KeyField(target = "@party-uuid")}, remarks = "Since `responsible-party` and `responsible-role` associate multiple `party-uuid` entries with a single `role-id`, each role-id must be referenced only once.")})
)
public class SystemSecurityPlan extends AbstractOscalInstance implements IBoundObject {
  // Metaschema bookkeeping handed to the constructor; null when the no-arg constructor is used.
  private final IMetaschemaData __metaschemaData;

  /**
   * A <a href="https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented">machine-oriented</a>,
   * <a href="https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique">globally unique</a>
   * identifier with
   * <a href="https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance">cross-instance</a>
   * scope that can be used to reference this system security plan (SSP) elsewhere in
   * <a href="https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers">this or other OSCAL instances</a>.
   * The locally defined <em>UUID</em> of the <code>SSP</code> can be used to reference the data
   * item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned
   * <a href="https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency">per-subject</a>,
   * which means it should be consistently used to identify the same subject across revisions of
   * the document.
   */
  @BoundFlag(
      formalName = "System Security Plan Universally Unique Identifier",
      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this system security plan (SSP) elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#ssp-identifiers). The locally defined *UUID* of the `SSP` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance).This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
      name = "uuid",
      required = true,
      typeAdapter = UuidAdapter.class
  )
  private UUID _uuid;

  /** Document metadata, bound to {@code metadata}; declared with {@code minOccurs = 1}. */
  @BoundAssembly(
      formalName = "Document Metadata",
      description = "Provides information about the containing document, and defines concepts that are shared across the document.",
      useName = "metadata",
      minOccurs = 1
  )
  private Metadata _metadata;

  /**
   * Import of the profile representing the system's control baseline, bound to
   * {@code import-profile}; declared with {@code minOccurs = 1}.
   */
  @BoundAssembly(
      formalName = "Import Profile",
      description = "Used to import the OSCAL profile representing the system's control baseline.",
      useName = "import-profile",
      minOccurs = 1
  )
  private ImportProfile _importProfile;

  /**
   * Characteristics of the system, bound to {@code system-characteristics}; declared with
   * {@code minOccurs = 1}.
   */
  @BoundAssembly(
      formalName = "System Characteristics",
      description = "Contains the characteristics of the system, such as its name, purpose, and security impact level.",
      useName = "system-characteristics",
      minOccurs = 1
  )
  private SystemCharacteristics _systemCharacteristics;

  /**
   * Description of how the system is implemented, bound to {@code system-implementation};
   * declared with {@code minOccurs = 1}.
   */
  @BoundAssembly(
      formalName = "System Implementation",
      description = "Provides information as to how the system is implemented.",
      useName = "system-implementation",
      minOccurs = 1
  )
  private SystemImplementation _systemImplementation;

  /**
   * Description of how the system satisfies a set of controls, bound to
   * {@code control-implementation}; declared with {@code minOccurs = 1}.
   */
  @BoundAssembly(
      formalName = "Control Implementation",
      description = "Describes how the system satisfies a set of controls.",
      useName = "control-implementation",
      minOccurs = 1
  )
  private ControlImplementation _controlImplementation;

  /**
   * Resources that may be referenced from within the document, bound to {@code back-matter};
   * no {@code minOccurs} is declared on this binding.
   */
  @BoundAssembly(
      formalName = "Back matter",
      description = "A collection of resources that may be referenced from within the OSCAL document instance.",
      useName = "back-matter"
  )
  private BackMatter _backMatter;

  /**
   * Creates an empty plan with no metaschema data attached (delegates with {@code null}).
   */
  public SystemSecurityPlan() {
    this(null);
  }

  /**
   * Creates an empty plan carrying the given metaschema data.
   *
   * @param data the metaschema data to return from {@link #getMetaschemaData()}; stored as-is,
   *     may be {@code null}
   */
  public SystemSecurityPlan(IMetaschemaData data) {
    this.__metaschemaData = data;
  }

  /**
   * Returns the metaschema data passed at construction.
   *
   * @return the stored metaschema data, or {@code null} if none was supplied
   */
  @Override
  public IMetaschemaData getMetaschemaData() {
    return __metaschemaData;
  }

  /**
   * Returns the value bound to the {@code uuid} flag.
   *
   * @return the stored UUID, or {@code null} if it has not been set
   */
  public UUID getUuid() {
    return _uuid;
  }

  /**
   * Sets the value bound to the {@code uuid} flag.
   *
   * @param value the UUID to store; not checked here, although the flag is declared
   *     {@code required = true}
   */
  public void setUuid(UUID value) {
    _uuid = value;
  }

  /**
   * Returns the {@code metadata} assembly.
   *
   * @return the stored metadata, or {@code null} if it has not been set
   */
  public Metadata getMetadata() {
    return _metadata;
  }

  /**
   * Sets the {@code metadata} assembly.
   *
   * @param value the metadata to store; the reference is kept as-is, with no null check
   */
  public void setMetadata(Metadata value) {
    _metadata = value;
  }

  /**
   * Returns the {@code import-profile} assembly.
   *
   * @return the stored import profile, or {@code null} if it has not been set
   */
  public ImportProfile getImportProfile() {
    return _importProfile;
  }

  /**
   * Sets the {@code import-profile} assembly.
   *
   * @param value the import profile to store; the reference is kept as-is, with no null check
   */
  public void setImportProfile(ImportProfile value) {
    _importProfile = value;
  }

  /**
   * Returns the {@code system-characteristics} assembly.
   *
   * @return the stored system characteristics, or {@code null} if not set
   */
  public SystemCharacteristics getSystemCharacteristics() {
    return _systemCharacteristics;
  }

  /**
   * Sets the {@code system-characteristics} assembly.
   *
   * @param value the system characteristics to store; kept as-is, with no null check
   */
  public void setSystemCharacteristics(SystemCharacteristics value) {
    _systemCharacteristics = value;
  }

  /**
   * Returns the {@code system-implementation} assembly.
   *
   * @return the stored system implementation, or {@code null} if not set
   */
  public SystemImplementation getSystemImplementation() {
    return _systemImplementation;
  }

  /**
   * Sets the {@code system-implementation} assembly.
   *
   * @param value the system implementation to store; kept as-is, with no null check
   */
  public void setSystemImplementation(SystemImplementation value) {
    _systemImplementation = value;
  }

  /**
   * Returns the {@code control-implementation} assembly.
   *
   * @return the stored control implementation, or {@code null} if not set
   */
  public ControlImplementation getControlImplementation() {
    return _controlImplementation;
  }

  /**
   * Sets the {@code control-implementation} assembly.
   *
   * @param value the control implementation to store; kept as-is, with no null check
   */
  public void setControlImplementation(ControlImplementation value) {
    _controlImplementation = value;
  }

  /**
   * Returns the {@code back-matter} assembly.
   *
   * @return the stored back matter, or {@code null} if not set
   */
  public BackMatter getBackMatter() {
    return _backMatter;
  }

  /**
   * Sets the {@code back-matter} assembly.
   *
   * @param value the back matter to store; kept as-is, with no null check
   */
  public void setBackMatter(BackMatter value) {
    _backMatter = value;
  }

  /**
   * Renders this object's fields reflectively in multi-line style.
   *
   * <p>NOTE(review): the reflective builder emits the fields of this object, so the output
   * carries whatever the plan holds (system characteristics, implementation details, and so
   * on). Treat the string with the same sensitivity as the SSP itself when writing it to logs
   * or error messages.
   *
   * @return a multi-line string representation of this instance
   */
  @Override
  public String toString() {
    return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString();
  }
}