From 1b9a51b719927a08bdab31bb1ca07dcb62678e9c Mon Sep 17 00:00:00 2001 From: Frank Suits Date: Fri, 29 Apr 2022 12:56:23 +1000 Subject: [PATCH] removed duplicate control Signed-off-by: Frank Suits --- ssp_author_demo/README.md | 4 +- .../system-security-plan.json | 2798 ++++++++--------- ssp_author_demo/test_system/ac/ac-1.md | 24 +- ssp_author_demo/test_system/ac/ac-14.md | 4 +- ssp_author_demo/test_system/ac/ac-17.md | 4 +- ssp_author_demo/test_system/ac/ac-18.md | 4 +- ssp_author_demo/test_system/ac/ac-19.md | 4 +- ssp_author_demo/test_system/ac/ac-2.md | 4 +- ssp_author_demo/test_system/ac/ac-20.md | 4 +- ssp_author_demo/test_system/ac/ac-22.md | 4 +- ssp_author_demo/test_system/ac/ac-3.md | 4 +- ssp_author_demo/test_system/ac/ac-7.md | 4 +- ssp_author_demo/test_system/ac/ac-8.md | 4 +- ssp_author_demo/test_system/at/at-1.md | 4 +- ssp_author_demo/test_system/at/at-2.2.md | 4 +- ssp_author_demo/test_system/at/at-2.md | 4 +- ssp_author_demo/test_system/at/at-3.md | 4 +- ssp_author_demo/test_system/at/at-4.md | 4 +- ssp_author_demo/test_system/au/au-1.md | 4 +- ssp_author_demo/test_system/au/au-11.md | 4 +- ssp_author_demo/test_system/au/au-12.md | 4 +- ssp_author_demo/test_system/au/au-2.md | 4 +- ssp_author_demo/test_system/au/au-3.md | 4 +- ssp_author_demo/test_system/au/au-4.md | 4 +- ssp_author_demo/test_system/au/au-5.md | 4 +- ssp_author_demo/test_system/au/au-6.md | 4 +- ssp_author_demo/test_system/au/au-8.md | 4 +- ssp_author_demo/test_system/au/au-9.md | 4 +- ssp_author_demo/test_system/ca/ca-1.md | 4 +- ssp_author_demo/test_system/ca/ca-2.md | 4 +- ssp_author_demo/test_system/ca/ca-3.md | 4 +- ssp_author_demo/test_system/ca/ca-5.md | 4 +- ssp_author_demo/test_system/ca/ca-6.md | 4 +- ssp_author_demo/test_system/ca/ca-7.4.md | 4 +- ssp_author_demo/test_system/ca/ca-7.md | 4 +- ssp_author_demo/test_system/ca/ca-9.md | 4 +- ssp_author_demo/test_system/cm/cm-1.md | 4 +- ssp_author_demo/test_system/cm/cm-10.md | 4 +- ssp_author_demo/test_system/cm/cm-11.md | 4 +- ssp_author_demo/test_system/cm/cm-2.md | 4 +- ssp_author_demo/test_system/cm/cm-4.md | 4 +- ssp_author_demo/test_system/cm/cm-5.md | 4 +- ssp_author_demo/test_system/cm/cm-6.md | 4 +- ssp_author_demo/test_system/cm/cm-7.md | 4 +- ssp_author_demo/test_system/cm/cm-8.md | 4 +- ssp_author_demo/test_system/cp/cp-1.md | 4 +- ssp_author_demo/test_system/cp/cp-10.md | 4 +- ssp_author_demo/test_system/cp/cp-2.md | 4 +- ssp_author_demo/test_system/cp/cp-3.md | 4 +- ssp_author_demo/test_system/cp/cp-4.md | 4 +- ssp_author_demo/test_system/cp/cp-9.md | 4 +- ssp_author_demo/test_system/ia/ia-1.md | 4 +- ssp_author_demo/test_system/ia/ia-11.md | 4 +- ssp_author_demo/test_system/ia/ia-2.1.md | 4 +- ssp_author_demo/test_system/ia/ia-2.12.md | 4 +- ssp_author_demo/test_system/ia/ia-2.2.md | 4 +- ssp_author_demo/test_system/ia/ia-2.8.md | 4 +- ssp_author_demo/test_system/ia/ia-2.md | 4 +- ssp_author_demo/test_system/ia/ia-4.md | 4 +- ssp_author_demo/test_system/ia/ia-5.1.md | 4 +- ssp_author_demo/test_system/ia/ia-5.md | 4 +- ssp_author_demo/test_system/ia/ia-6.md | 4 +- ssp_author_demo/test_system/ia/ia-7.md | 4 +- ssp_author_demo/test_system/ia/ia-8.1.md | 4 +- ssp_author_demo/test_system/ia/ia-8.2.md | 4 +- ssp_author_demo/test_system/ia/ia-8.4.md | 4 +- ssp_author_demo/test_system/ia/ia-8.md | 4 +- ssp_author_demo/test_system/ir/ir-1.md | 4 +- ssp_author_demo/test_system/ir/ir-2.md | 4 +- ssp_author_demo/test_system/ir/ir-4.md | 4 +- ssp_author_demo/test_system/ir/ir-5.md | 4 +- ssp_author_demo/test_system/ir/ir-6.md | 4 +- ssp_author_demo/test_system/ir/ir-7.md | 4 +- ssp_author_demo/test_system/ir/ir-8.md | 4 +- ssp_author_demo/test_system/ma/ma-1.md | 4 +- ssp_author_demo/test_system/ma/ma-2.md | 4 +- ssp_author_demo/test_system/ma/ma-4.md | 4 +- ssp_author_demo/test_system/ma/ma-5.md | 4 +- ssp_author_demo/test_system/mp/mp-1.md | 4 +- ssp_author_demo/test_system/mp/mp-2.md | 4 +- ssp_author_demo/test_system/mp/mp-6.md | 4 +- ssp_author_demo/test_system/mp/mp-7.md | 4 +- ssp_author_demo/test_system/pe/pe-1.md | 4 +- ssp_author_demo/test_system/pe/pe-12.md | 4 +- ssp_author_demo/test_system/pe/pe-13.md | 4 +- ssp_author_demo/test_system/pe/pe-14.md | 4 +- ssp_author_demo/test_system/pe/pe-15.md | 4 +- ssp_author_demo/test_system/pe/pe-16.md | 4 +- ssp_author_demo/test_system/pe/pe-2.md | 4 +- ssp_author_demo/test_system/pe/pe-3.md | 4 +- ssp_author_demo/test_system/pe/pe-6.md | 4 +- ssp_author_demo/test_system/pe/pe-8.md | 4 +- ssp_author_demo/test_system/pl/pl-1.md | 4 +- ssp_author_demo/test_system/pl/pl-10.md | 4 +- ssp_author_demo/test_system/pl/pl-11.md | 4 +- ssp_author_demo/test_system/pl/pl-2.md | 4 +- ssp_author_demo/test_system/pl/pl-4.1.md | 4 +- ssp_author_demo/test_system/pl/pl-4.md | 4 +- ssp_author_demo/test_system/ps/ps-1.md | 4 +- ssp_author_demo/test_system/ps/ps-2.md | 4 +- ssp_author_demo/test_system/ps/ps-3.md | 4 +- ssp_author_demo/test_system/ps/ps-4.md | 4 +- ssp_author_demo/test_system/ps/ps-5.md | 4 +- ssp_author_demo/test_system/ps/ps-6.md | 4 +- ssp_author_demo/test_system/ps/ps-7.md | 4 +- ssp_author_demo/test_system/ps/ps-8.md | 4 +- ssp_author_demo/test_system/ps/ps-9.md | 4 +- ssp_author_demo/test_system/ra/ra-1.md | 4 +- ssp_author_demo/test_system/ra/ra-2.md | 4 +- ssp_author_demo/test_system/ra/ra-3.1.md | 4 +- ssp_author_demo/test_system/ra/ra-3.md | 4 +- ssp_author_demo/test_system/ra/ra-5.11.md | 4 +- ssp_author_demo/test_system/ra/ra-5.2.md | 4 +- ssp_author_demo/test_system/ra/ra-5.md | 4 +- ssp_author_demo/test_system/ra/ra-7.md | 4 +- ssp_author_demo/test_system/sa/sa-1.md | 4 +- ssp_author_demo/test_system/sa/sa-2.md | 4 +- ssp_author_demo/test_system/sa/sa-22.md | 4 +- ssp_author_demo/test_system/sa/sa-3.md | 4 +- ssp_author_demo/test_system/sa/sa-4.10.md | 4 +- ssp_author_demo/test_system/sa/sa-4.md | 4 +- ssp_author_demo/test_system/sa/sa-5.md | 4 +- ssp_author_demo/test_system/sa/sa-8.md | 4 +- ssp_author_demo/test_system/sa/sa-9.md | 4 +- ssp_author_demo/test_system/sc/sc-1.md | 4 +- ssp_author_demo/test_system/sc/sc-12.md | 4 +- ssp_author_demo/test_system/sc/sc-13.md | 4 +- ssp_author_demo/test_system/sc/sc-15.md | 4 +- ssp_author_demo/test_system/sc/sc-20.md | 4 +- ssp_author_demo/test_system/sc/sc-21.md | 4 +- ssp_author_demo/test_system/sc/sc-22.md | 4 +- ssp_author_demo/test_system/sc/sc-39.md | 4 +- ssp_author_demo/test_system/sc/sc-5.md | 4 +- ssp_author_demo/test_system/sc/sc-7.md | 4 +- ssp_author_demo/test_system/si/si-1.md | 4 +- ssp_author_demo/test_system/si/si-12.md | 4 +- ssp_author_demo/test_system/si/si-2.md | 4 +- ssp_author_demo/test_system/si/si-3.md | 4 +- ssp_author_demo/test_system/si/si-4.md | 4 +- ssp_author_demo/test_system/si/si-5.md | 4 +- ssp_author_demo/test_system/sr/sr-1.md | 4 +- ssp_author_demo/test_system/sr/sr-10.md | 4 +- ssp_author_demo/test_system/sr/sr-11.1.md | 4 +- ssp_author_demo/test_system/sr/sr-11.2.md | 4 +- ssp_author_demo/test_system/sr/sr-11.md | 4 +- ssp_author_demo/test_system/sr/sr-12.md | 4 +- ssp_author_demo/test_system/sr/sr-2.1.md | 4 +- ssp_author_demo/test_system/sr/sr-2.md | 4 +- ssp_author_demo/test_system/sr/sr-3.md | 4 +- ssp_author_demo/test_system/sr/sr-5.md | 4 +- ssp_author_demo/test_system/sr/sr-8.md | 4 +- 151 files changed, 1712 insertions(+), 1706 deletions(-) diff --git a/ssp_author_demo/README.md b/ssp_author_demo/README.md index dde82eb..f77cad3 100644 --- a/ssp_author_demo/README.md +++ b/ssp_author_demo/README.md @@ -34,12 +34,12 @@ Profiles from NIST do not insert parameter values by default so the profile need - First the response documents must be generated using: - cd to the project root directory - - `trestle author ssp-generate -p 800-53-low --output test_system -s 'guidance:Control Guidance'` + - `trestle author ssp-generate -p 800-53-low --output test_system -s 'guidance:Guidance'` - `--output` puts the markdown directory tree into `./test_system` - `-s` maps named parts names to sections in catalog to the markdown document - Content for the implemented requirements can now be entered into the markdown for controls -### Creating the OSCAL catalog +### Creating the OSCAL System Security Plan - Run - `trestle author ssp-assemble -m test_system -o acme-test-system` diff --git a/ssp_author_demo/system-security-plans/acme-test-system/system-security-plan.json b/ssp_author_demo/system-security-plans/acme-test-system/system-security-plan.json index d2b8d05..10d4857 100644 --- a/ssp_author_demo/system-security-plans/acme-test-system/system-security-plan.json +++ b/ssp_author_demo/system-security-plans/acme-test-system/system-security-plan.json @@ -1,9 +1,9 @@ { "system-security-plan": { - "uuid": "f4337ba4-a060-49dd-a4d1-2b0cee331225", + "uuid": "1c0ab8c3-d589-4966-be00-317c9f8f9ad7", "metadata": { "title": "REPLACE_ME", - "last-modified": "2022-04-28T12:26:33.922163+10:00", + "last-modified": "2022-04-29T12:54:07.360473+10:00", "version": "REPLACE_ME", "oscal-version": "1.0.2" }, @@ -51,12 +51,12 @@ "system-implementation": { "users": [ { - "uuid": "a2a57960-550c-4251-a8e7-cd5fbfdacc56" + "uuid": "92c8b668-4270-4c15-9ba5-b225fb017bbf" } ], "components": [ { - "uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", + "uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", "type": "REPLACE_ME", "title": "This System", "description": "REPLACE_ME", @@ -70,38 +70,38 @@ "description": "This is the control implementation for the system.", "implemented-requirements": [ { - "uuid": "fd0487cb-e477-4564-98c4-8216c934c81f", + "uuid": "acda3393-61f4-4a79-a30f-b97cf4461f20", "control-id": "ac-1", "statements": [ { "statement-id": "ac-1_smt.a", - "uuid": "5d38c470-1a1b-4714-93a5-790ea52203d1", + "uuid": "ddbe8b0b-a0e7-40cc-905d-a3f9385d8ca7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cc5d5cf8-fbe5-4e49-8256-e100915962d5", - "description": "Add control implementation description here for item ac-1_smt.a" + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c6e641b4-cb93-4712-a700-3ca6f3beff76", + "description": "ACME CISO is responsible for setting the organisation access control policies, and in The access control policies at a global level are reviewed on an annual cycle. ACME CISO also review access control policy whenever ACME legal and/or Compliance teams identify access control obligations." } ] }, { "statement-id": "ac-1_smt.b", - "uuid": "7c707396-ab90-41e1-b7bd-d61958b9819b", + "uuid": "688bc155-b30b-4ff9-9668-3df9e1756054", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4429be0b-f302-428f-92ec-abeb2c6cbf04", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "aa8b3464-4bae-40ad-b054-4478a7fc3942", "description": "Add control implementation description here for item ac-1_smt.b" } ] }, { "statement-id": "ac-1_smt.c", - "uuid": "219a3238-9a2b-4f10-8ab3-73b82b61cc32", + "uuid": "d0eabd80-410d-405f-9c7c-9e5efcdddf4d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "186df6d1-4c95-4214-9fa6-7770f18c6e2a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "76e0105e-9b86-43e1-aa7b-a19e3c0fbca3", "description": "Add control implementation description here for item ac-1_smt.c" } ] @@ -109,137 +109,137 @@ ] }, { - "uuid": "9b32e446-b641-4ff9-bffd-be69f5ffaa08", + "uuid": "681405ed-b226-47bc-bd01-d8c83f5f6946", "control-id": "ac-2", "statements": [ { "statement-id": "ac-2_smt.a", - "uuid": "374be88c-f979-434a-b5c5-d6937f042738", + "uuid": "4ac51535-df98-488e-a3e5-d105269eba20", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e821ae4f-b1df-4066-960c-a21ec45d3beb", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e1668943-493d-4660-aad2-f05dd760dadb", "description": "Add control implementation description here for item ac-2_smt.a" } ] }, { "statement-id": "ac-2_smt.b", - "uuid": "4572c47b-9125-4c8a-8f1f-b67b10ff3ed1", + "uuid": "10b9c12b-4492-4763-8a05-92c349aa9b28", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "12acffd9-9066-4628-ba1a-5c4bf48a5838", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ed0fd74b-f582-42fd-964a-1aa149d62c31", "description": "Add control implementation description here for item ac-2_smt.b" } ] }, { "statement-id": "ac-2_smt.c", - "uuid": "960919eb-1af9-4f19-b931-6b7f30204612", + "uuid": "6612f4a2-6eaa-4974-b109-a740dbfda87d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5e8ad8a7-6b20-4a16-b11d-43b8cb5f12f8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "32a23eba-e3ed-4610-9060-0cbb34b55154", "description": "Add control implementation description here for item ac-2_smt.c" } ] }, { "statement-id": "ac-2_smt.d", - "uuid": "cb5fb121-72cc-4739-acc1-8ab34b4f3878", + "uuid": "5e550d64-9e0e-49ba-af16-677018e6dd15", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c7cdf79e-5c80-4e5f-aee2-7a439cc0886b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "2ce28b92-fad1-4592-a79b-f051d96ac600", "description": "Add control implementation description here for item ac-2_smt.d" } ] }, { "statement-id": "ac-2_smt.e", - "uuid": "a42f54bc-6221-4b93-96f0-f1bf2b09f616", + "uuid": "c992acce-c3bf-4762-b02b-6726c75386a2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "43c77165-8f0b-4936-ab0c-fded3b9c87c0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4b890016-d6e4-4e00-9018-cf64a6dbbfe3", "description": "Add control implementation description here for item ac-2_smt.e" } ] }, { "statement-id": "ac-2_smt.f", - "uuid": "c0f54800-c49b-46df-a1d4-117f6037beca", + "uuid": "632d4ff3-d5bf-4075-89aa-02cf2f0cd0f6", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0ceba6da-f8c2-4106-9dec-328a21972240", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6edd579e-163d-4bde-bbbf-a0ee99be3d5a", "description": "Add control implementation description here for item ac-2_smt.f" } ] }, { "statement-id": "ac-2_smt.g", - "uuid": "3053cc78-ba8e-4ec5-8eef-69ca1e83a49a", + "uuid": "9c432246-56e3-4e8e-97c0-035cca730afe", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "bc77f0f0-91a3-422e-957e-3153cd45acee", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e5770878-ea53-4474-95c4-22fbc0083ccb", "description": "Add control implementation description here for item ac-2_smt.g" } ] }, { "statement-id": "ac-2_smt.h", - "uuid": "022bd85a-121d-40c9-9a9d-636257865183", + "uuid": "ff7fafcf-b4ac-4d79-947f-041045657c68", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "18af1c95-9b05-4cdb-a4cb-44cfcb0ba676", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "03abb720-316d-4080-9f5f-052af2c026af", "description": "Add control implementation description here for item ac-2_smt.h" } ] }, { "statement-id": "ac-2_smt.i", - "uuid": "42f0c9f1-dff0-478c-b9be-ce76966b8090", + "uuid": "3de87fab-51eb-4a83-a645-940cd7845ff0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "281e9ed2-1e81-4882-9db1-c8292233e679", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7152bda2-5d8a-4e3d-a766-4cfd470ac294", "description": "Add control implementation description here for item ac-2_smt.i" } ] }, { "statement-id": "ac-2_smt.j", - "uuid": "93fd111f-2595-4ffc-bde5-d975483b02d8", + "uuid": "0d67acb9-9d7e-449c-a9a9-f04aa0c05521", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "608ee90a-1d33-44e8-b9ac-de18a2fe91a9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "727c302a-726f-4d18-99ce-70a95082dd41", "description": "Add control implementation description here for item ac-2_smt.j" } ] }, { "statement-id": "ac-2_smt.k", - "uuid": "a8b20cfe-bd52-4de4-aba1-aac299604c07", + "uuid": "1620126c-eac2-43a4-975f-977dbf19cde5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4a3592de-90ad-4baf-9beb-d128351cbf5a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8d5e86f4-3acf-44dc-a9fa-a23f4dcd405f", "description": "Add control implementation description here for item ac-2_smt.k" } ] }, { "statement-id": "ac-2_smt.l", - "uuid": "54dbf934-5a2c-477a-bde0-24ee3f740f27", + "uuid": "e98c5325-de67-48e2-a042-5b4715b7f90e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c6864a4e-f2d8-4af5-a5bc-2ea0c5a842b7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "fc36e589-b467-41a1-b064-a85e508692b2", "description": "Add control implementation description here for item ac-2_smt.l" } ] @@ -247,16 +247,16 @@ ] }, { - "uuid": "59666390-6303-4372-b1a4-4761116eb93b", + "uuid": "5044d337-d364-462d-8368-976a13757ad0", "control-id": "ac-3", "statements": [ { "statement-id": "ac-3_smt", - "uuid": "3422287c-ce1d-4afe-896e-2a37515f63cb", + "uuid": "1ef5a663-86d1-46b9-a658-990defd1fc1b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c12e16e8-0564-4769-99fe-fd04413ceeca", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c5cae1f5-f8f1-4939-820a-dc4958189747", "description": "Add control implementation description here for control ac-3" } ] @@ -264,27 +264,27 @@ ] }, { - "uuid": "94459171-ac99-4a8e-a5dc-152a6305ec29", + "uuid": "97854476-bd42-40f4-a45a-c46e90d94b62", "control-id": "ac-7", "statements": [ { "statement-id": "ac-7_smt.a", - "uuid": "3757cbe8-e5ab-45e0-9f63-e1bea3e7e367", + "uuid": "2bd7a51d-a2d5-4f2e-94a6-1740d40a840c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "58a47c30-8544-4ff5-bd9f-6be6d1da92c1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "cd9c1ae7-b2dc-4810-b263-50f4ba05700c", "description": "Add control implementation description here for item ac-7_smt.a" } ] }, { "statement-id": "ac-7_smt.b", - "uuid": "c31e1995-0dbb-4d56-a43d-1565c53907c4", + "uuid": "01f1694f-bd98-4269-9f02-e0c022b8821e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "44b21980-6879-415b-9290-9bcfb4dd1511", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "332c12b0-ddfd-45f2-9e27-4bb314648ffb", "description": "Add control implementation description here for item ac-7_smt.b" } ] @@ -292,38 +292,38 @@ ] }, { - "uuid": "653a2eda-d25d-4065-9c60-63194cc05eee", + "uuid": "1547d581-d8f7-4a9a-a077-273084c4cdc8", "control-id": "ac-8", "statements": [ { "statement-id": "ac-8_smt.a", - "uuid": "248da9c9-9a23-4682-8d0e-11f7a6c4cfa8", + "uuid": "3a871b5e-8ecc-41a5-b498-14d593c6ae5f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "886d9d11-4638-499b-8e95-8d82ce839f68", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6953bbdc-ecbc-4f90-bede-60fda1dfe01f", "description": "Add control implementation description here for item ac-8_smt.a" } ] }, { "statement-id": "ac-8_smt.b", - "uuid": "47bc59c7-b002-4c3f-bcb6-c1c3a3f4a3fd", + "uuid": "c83b983d-c7c3-48e0-98b3-ba8902693161", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "96ab5b6b-b0a3-43f9-93fc-f3c13cc18af0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b0c88ffe-0bbb-456c-8ecf-897d504dbb06", "description": "Add control implementation description here for item ac-8_smt.b" } ] }, { "statement-id": "ac-8_smt.c", - "uuid": "489424fb-47bd-425d-80cc-60e365ea5a37", + "uuid": "197e9dac-7c6d-4270-ab71-6ab6312a2939", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "16336970-6e3b-4dec-b64a-9c6f73f23649", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "59049872-450a-4459-9da8-80a109dcbd76", "description": "Add control implementation description here for item ac-8_smt.c" } ] @@ -331,27 +331,27 @@ ] }, { - "uuid": "4349a920-285a-4e8b-888c-ee3d297b324f", + "uuid": "591ea993-fead-4418-8f36-23e95b528764", "control-id": "ac-14", "statements": [ { "statement-id": "ac-14_smt.a", - "uuid": "23e732a6-884c-49e7-9296-8ad84edefc40", + "uuid": "16d28e1d-16b6-438b-add7-d1b50821ccc8", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "51bac606-2de2-48cc-bb9a-db68a9040850", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d1c0de57-4be7-4398-8ad3-88689043a572", "description": "Add control implementation description here for item ac-14_smt.a" } ] }, { "statement-id": "ac-14_smt.b", - "uuid": "39806464-21cd-46f2-beb6-0c68fed8f76c", + "uuid": "d8df05a2-6799-4320-8e94-b73806ec159c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "dcc4a475-98bd-475a-9f06-b847d7acbf21", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "517d9d97-f5f5-4759-a8a4-2e9a0d6dee32", "description": "Add control implementation description here for item ac-14_smt.b" } ] @@ -359,27 +359,27 @@ ] }, { - "uuid": "d622754b-ad69-4382-866e-caecc1efb4cb", + "uuid": "905c1e28-487a-4764-89b7-2a81b7ed8a82", "control-id": "ac-17", "statements": [ { "statement-id": "ac-17_smt.a", - "uuid": "23b4fddc-7bd3-4d7d-beaa-55f0ef7c9973", + "uuid": "54db3b04-9e2e-430c-ac14-82f80e3b0866", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6848fd22-3838-497d-948d-676f8f514d55", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f0e715ac-3196-4bfc-af69-a5e8b7e99276", "description": "Add control implementation description here for item ac-17_smt.a" } ] }, { "statement-id": "ac-17_smt.b", - "uuid": "38d54880-000c-4203-b5c8-e81756a596d5", + "uuid": "e9a1c98a-cb08-48ef-bc8d-e02195c442e8", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "bb66593d-fdee-425c-b624-5f9608b20933", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "01fd5203-b261-489e-aaad-ae593df71685", "description": "Add control implementation description here for item ac-17_smt.b" } ] @@ -387,27 +387,27 @@ ] }, { - "uuid": "db5fb7dc-1ad5-40dc-a651-e8ee72eb2f4e", + "uuid": "daeaa37c-ad8e-4460-8ea4-3f766c3bb21e", "control-id": "ac-18", "statements": [ { "statement-id": "ac-18_smt.a", - "uuid": "4aa87a8f-2654-4ec2-84a8-bd5a0fbcb89d", + "uuid": "25735b97-c7a5-4b9b-8feb-03be11a2633d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "2a0815b2-e161-40dc-8614-819c83c9edef", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a1ac8f7b-27bc-4326-ab15-e1b397dbec51", "description": "Add control implementation description here for item ac-18_smt.a" } ] }, { "statement-id": "ac-18_smt.b", - "uuid": "9fc87752-c324-4de0-989e-5b741e4f7d26", + "uuid": "f07b3262-e85d-45ea-97da-b506c6868727", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e1b18452-a2a9-4f21-b11f-7e41db6cf406", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c5175825-1dab-4f89-a722-e6745619fa3e", "description": "Add control implementation description here for item ac-18_smt.b" } ] @@ -415,27 +415,27 @@ ] }, { - "uuid": "3e0c71bb-0dd0-427d-a2ad-bd2523c6eb24", + "uuid": "35229c2b-e907-49b4-bb87-e110bf6823d5", "control-id": "ac-19", "statements": [ { "statement-id": "ac-19_smt.a", - "uuid": "17e03628-2e04-42b1-a4a8-45c0f910b564", + "uuid": "f8ca8239-de34-4e80-b197-726eb0cea739", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c92bff8f-9793-428d-ac11-0218ca80c0ca", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5b3e3701-b71b-4d5c-8ea1-4ac981c6fc3a", "description": "Add control implementation description here for item ac-19_smt.a" } ] }, { "statement-id": "ac-19_smt.b", - "uuid": "5a8d92cc-73e1-48a1-8cac-5f84f5b9a1ca", + "uuid": "34578c1d-8507-4d12-9657-5e03e015a95b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "72539ca0-20d4-46b1-ae0a-e36611f30ab8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "20421ba2-6707-4387-9dfc-e3f15c917e7f", "description": "Add control implementation description here for item ac-19_smt.b" } ] @@ -443,27 +443,27 @@ ] }, { - "uuid": "b91bbc8c-0655-4e62-8c66-3635588487fb", + "uuid": "83dbdeac-0688-4b61-a14d-7c1b3ab1796a", "control-id": "ac-20", "statements": [ { "statement-id": "ac-20_smt.a", - "uuid": "b66f2fbd-5774-45b9-a79f-b84a69c395d1", + "uuid": "6413b7cd-0710-4b2c-b719-e420c63c581f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5e8c4ca4-c2bc-4f0e-a19b-76e03cd52641", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "da429d12-faac-4e09-ae49-97cd69ce714e", "description": "Add control implementation description here for item ac-20_smt.a" } ] }, { "statement-id": "ac-20_smt.b", - "uuid": "f4f78566-d742-4233-9048-4cd051449ac5", + "uuid": "275f1f80-d05c-4f2a-87cd-d0f1073b65c5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "71f350a0-e23d-461b-b861-4b6d40c8831e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9f7118b7-9879-4f7d-9d4f-644a66872e60", "description": "Add control implementation description here for item ac-20_smt.b" } ] @@ -471,49 +471,49 @@ ] }, { - "uuid": "f46803ad-96a2-44c6-acd4-3023a565c55e", + "uuid": "b1af7ec8-9f68-4479-877b-9cd1f5d4a83d", "control-id": "ac-22", "statements": [ { "statement-id": "ac-22_smt.a", - "uuid": "53672918-a0ee-4d05-af6b-b736f315a33c", + "uuid": "bc4e496b-8a0c-4e5d-81ec-ff5d9e5b9586", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "27dacd8a-b322-41ad-b0a3-50eb55098033", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "26a93e4d-90e7-4307-8796-1e389451e349", "description": "Add control implementation description here for item ac-22_smt.a" } ] }, { "statement-id": "ac-22_smt.b", - "uuid": "a4e1a61c-b2d8-437f-a10f-1dbd27ec4eb5", + "uuid": "07400a3e-ffa1-4ef5-b4c0-b1e46e021dca", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c43e13b5-4fce-4423-8a39-bb485700bb44", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a8825161-4a2e-423f-9fbf-e4f0f8b10728", "description": "Add control implementation description here for item ac-22_smt.b" } ] }, { "statement-id": "ac-22_smt.c", - "uuid": "8c3a71df-84d0-4293-8d7f-e95442814dd0", + "uuid": "3c350148-36b5-4891-8c69-673837c159ea", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1829b46f-508f-47c1-b628-2be54a530e9d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "86345ff2-c534-42ef-a2d5-5de3a6b3b2aa", "description": "Add control implementation description here for item ac-22_smt.c" } ] }, { "statement-id": "ac-22_smt.d", - "uuid": "322f88e2-02a0-4622-9f20-efe53d25eb90", + "uuid": "ee9144cd-7bd7-456f-b4df-c87bf47e9084", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1432de64-7b57-466c-8408-3acc226db27e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c5fac33b-d683-4856-b7c3-bda7b51978ea", "description": "Add control implementation description here for item ac-22_smt.d" } ] @@ -521,38 +521,38 @@ ] }, { - "uuid": "11f739f7-82a2-420d-8767-f2d7fe0ceb9e", + "uuid": "903e5f22-6811-4a8f-9421-1e61e91b6429", "control-id": "at-1", "statements": [ { "statement-id": "at-1_smt.a", - "uuid": "0d4b9fb2-9301-41e8-b67d-4c97e3e10a29", + "uuid": "0f0fafc0-f414-4c11-97a1-2ad41e500411", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8e1c1135-c20b-4ec6-a3d2-d97745079b78", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ceaac3e0-182a-4d6b-99ed-2121a0959438", "description": "Add control implementation description here for item at-1_smt.a" } ] }, { "statement-id": "at-1_smt.b", - "uuid": "40d49a19-6a5b-410b-a0a4-06d14c412864", + "uuid": "daa41b35-fcf7-4e1e-ad98-ae3736a099db", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "369957f3-b5c6-4160-8c76-fd9387a78fc9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c38f5419-0c67-43f2-bca6-59ad2fc55117", "description": "Add control implementation description here for item at-1_smt.b" } ] }, { "statement-id": "at-1_smt.c", - "uuid": "2de41d77-0631-47c1-9f2c-3451e7862cfe", + "uuid": "d9923b6c-8cc3-4806-8c67-048199c7b6b0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "eb47fe43-13b4-4ac9-9489-ad65cd8722d2", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "41903b93-e386-492e-903b-c77f4d1e5c41", "description": "Add control implementation description here for item at-1_smt.c" } ] @@ -560,49 +560,49 @@ ] }, { - "uuid": "d38f695c-5646-4268-93c8-72ce0fd8cc5d", + "uuid": "7341469e-9aea-40f4-9bba-a58f782d96e4", "control-id": "at-2", "statements": [ { "statement-id": "at-2_smt.a", - "uuid": "92e80039-a3c9-4457-a986-39d7d2066193", + "uuid": "7ff42631-c973-4a63-b316-8148ee0e047d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b0a48bdb-437c-4feb-8abd-9fa355e70218", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "69f36561-b6cd-45df-91ec-7b537a25889b", "description": "Add control implementation description here for item at-2_smt.a" } ] }, { "statement-id": "at-2_smt.b", - "uuid": "7495ab8e-8156-4320-a28f-26e8ccb5512a", + "uuid": "2a91960a-c2fd-47ce-84d8-97d49724d702", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d9787cd5-4b0e-4a44-b47d-0b4544461f16", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "013349a6-12f7-440c-a342-7d2ae60ce84a", "description": "Add control implementation description here for item at-2_smt.b" } ] }, { "statement-id": "at-2_smt.c", - "uuid": "bec89f24-7590-4d2b-b1af-93768fbe0b53", + "uuid": "c8017e22-9306-45fd-afb4-4b0dbc1ed334", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5d4da844-129b-49b4-9099-b96ff0bf7c77", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9056fd5e-c4f6-48aa-a63d-cce32f8d6f1e", "description": "Add control implementation description here for item at-2_smt.c" } ] }, { "statement-id": "at-2_smt.d", - "uuid": "818de687-4742-4255-8afd-5fb2fb27187e", + "uuid": "f37d291a-082b-4dab-83ea-2e7ac0ab1aa7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "909b9318-9231-46ea-8d8f-8e5deffbb1a3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "355bafcc-2856-417e-9c2e-7e7e49961413", "description": "Add control implementation description here for item at-2_smt.d" } ] @@ -610,16 +610,16 @@ ] }, { - "uuid": "37986b13-7ecc-4274-82e4-e1b015815521", + "uuid": "bd979ef7-eab0-498f-894f-0716ef8e69b6", "control-id": "at-2.2", "statements": [ { "statement-id": "at-2.2_smt", - "uuid": "d3f13f44-3897-411f-b328-e050be49862a", + "uuid": "a824a9ea-ad68-433a-9aa0-2e1a4e054535", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "bc0b8c36-4e75-4a79-963f-fa98d756610b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e7f44e01-61e3-4d23-a2d4-8f157207fffb", "description": "Add control implementation description here for control at-2.2" } ] @@ -627,38 +627,38 @@ ] }, { - "uuid": "9e9d6542-5b3a-44cb-953f-0133dbca50d9", + "uuid": "4e9d9d5f-6358-4da5-bfb2-b58fc67c57eb", "control-id": "at-3", "statements": [ { "statement-id": "at-3_smt.a", - "uuid": "d79aea87-8554-4360-8d45-361b32d347b7", + "uuid": "5866f8c0-b283-4946-a4a7-70cce2fb8faa", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5017b39a-e94f-4b31-be97-ce52f364226e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "fa56f805-a340-4c4a-8eba-4da29bb5a4c3", "description": "Add control implementation description here for item at-3_smt.a" } ] }, { "statement-id": "at-3_smt.b", - "uuid": "c383a808-c4cc-47d1-8a7c-cf96b864b176", + "uuid": "6ce02a25-55b2-4746-9acf-97e567de59ac", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "72f21215-84d6-45a6-b56f-6eaf64c8cdc2", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "30195a1a-14ef-474d-ae1a-d108f11474e1", "description": "Add control implementation description here for item at-3_smt.b" } ] }, { "statement-id": "at-3_smt.c", - "uuid": "91b487df-e70c-4f93-982a-8191f5ace83b", + "uuid": "a773b1cc-1d9e-48ff-ace1-5edf982e20b4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d1b76975-d3c2-4c26-a65a-80a06d807e28", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6709be29-4502-40a2-b059-a0376fb565dc", "description": "Add control implementation description here for item at-3_smt.c" } ] @@ -666,27 +666,27 @@ ] }, { - "uuid": "59c9465c-91a7-4953-a481-536fcf98ae83", + "uuid": "6451a258-0215-4a94-865f-34eda1ae4124", "control-id": "at-4", "statements": [ { "statement-id": "at-4_smt.a", - "uuid": "2b209147-6788-45d0-87c7-3545faaac44b", + "uuid": "776d6080-cb80-4e87-93cb-e536083c1dd0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "2d41493b-a62b-49dc-9c55-a5de6dd81155", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c1422c5d-0955-41f4-bdf3-2e736a83f146", "description": "Add control implementation description here for item at-4_smt.a" } ] }, { "statement-id": "at-4_smt.b", - "uuid": "ed207fdf-9b5b-4be5-a98c-578b709e46d5", + "uuid": "a4eaab25-7f3e-45f1-b73a-aa2ba84c418f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "896ee6b2-7234-4242-a9b8-84cd4da5c1c7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "61ddb776-918c-4bf7-89e5-61ab453f5ec7", "description": "Add control implementation description here for item at-4_smt.b" } ] @@ -694,38 +694,38 @@ ] }, { - "uuid": "16c874b4-cfd7-46e1-abfd-41e190cc2e0c", + "uuid": "16d88b5b-775f-4908-af69-883c27b359fc", "control-id": "au-1", "statements": [ { "statement-id": "au-1_smt.a", - "uuid": "a35aabaf-ed71-4394-932c-657f18507d61", + "uuid": "6d904982-c0b7-4a1c-91d2-5b9bee065bc1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "50014d8e-88c7-4cd2-816c-10a2082d0551", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "cf38dcc8-791c-4ea2-b7cb-b466fd822f34", "description": "Add control implementation description here for item au-1_smt.a" } ] }, { "statement-id": "au-1_smt.b", - "uuid": "b0f9f0ef-bd31-4360-bebc-92e956d58f88", + "uuid": "be485e64-5e52-4b3b-84b4-3240c01291a2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5ea83801-e958-48e1-9fba-ee7dd081bd7e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e8057443-3b85-4f20-8cd3-aeb85cea86fb", "description": "Add control implementation description here for item au-1_smt.b" } ] }, { "statement-id": "au-1_smt.c", - "uuid": "68797bc3-b653-4f18-8ef4-853152fea24b", + "uuid": "bee94845-58ab-4db4-8697-7b8a557f9d40", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cd9a9d65-b298-48d2-9418-8a9091fc5d4d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c1233c4d-caf6-424f-b240-256cbeab5676", "description": "Add control implementation description here for item au-1_smt.c" } ] @@ -733,60 +733,60 @@ ] }, { - "uuid": "2f79ab39-e983-4aaf-a5d8-985679f6996d", + "uuid": "f52909b8-a157-4f4c-8168-969e461e52ec", "control-id": "au-2", "statements": [ { "statement-id": "au-2_smt.a", - "uuid": "d1de0269-29cb-489f-8c96-f5dd8c6ce2d7", + "uuid": "424637d8-552a-4631-84e1-49ed796921d7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cc086b23-93b8-4e25-ac07-17f8d5166dd8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e8982d4e-152a-4d95-861b-5e4253698fa0", "description": "Add control implementation description here for item au-2_smt.a" } ] }, { "statement-id": "au-2_smt.b", - "uuid": "526cbc25-163f-4c6f-b10d-faf4227cf96d", + "uuid": "f1c3fc35-c924-43d9-a687-b8daccea55c5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "651a2c68-0599-4a48-be54-18b527f26468", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4408467f-16e3-439c-b46c-8a4eb5009a3f", "description": "Add control implementation description here for item au-2_smt.b" } ] }, { "statement-id": "au-2_smt.c", - "uuid": "a59a46ae-3901-47c6-80fc-675272d0dcce", + "uuid": "4eebc598-5597-43b9-b80e-52b57b4c88c2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0f279283-14ad-4467-be3d-3b338f9873fb", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "aeb4198d-2b59-4f6a-b9b5-292c6781b6c2", "description": "Add control implementation description here for item au-2_smt.c" } ] }, { "statement-id": "au-2_smt.d", - "uuid": "3fc888c8-9070-464f-bfff-a64d0978d841", + "uuid": "f6f2aaee-b349-4fb5-bd87-a6f30846e2db", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "9c54f878-f3a7-4a74-b064-8302f00f4fbc", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f42f76c4-409a-48c1-8966-f674a13031f7", "description": "Add control implementation description here for item au-2_smt.d" } ] }, { "statement-id": "au-2_smt.e", - "uuid": "71dc1b49-f58a-4a4c-ae6f-40fbb51eafce", + "uuid": "60b165de-7b39-470c-b268-e192012ae2f1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ec265456-fec6-4c57-9873-34e11004e84e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b600cb16-67c8-41ea-97ba-2f63de423514", "description": "Add control implementation description here for item au-2_smt.e" } ] @@ -794,71 +794,71 @@ ] }, { - "uuid": "86d4be20-2b22-4662-bdf0-94780f5fac60", + "uuid": "9f721e30-d19f-4554-8c74-4202532ab147", "control-id": "au-3", "statements": [ { "statement-id": "au-3_smt.a", - "uuid": "66f8de95-1b00-427e-8b52-3eeaa76a33d3", + "uuid": "f919571f-d8d5-4d6f-8a3d-39f8e2b7f044", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8988b560-52c4-469e-8979-faf21daec71d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a5b832a0-3c90-4744-b921-b72d645fa00a", "description": "Add control implementation description here for item au-3_smt.a" } ] }, { "statement-id": "au-3_smt.b", - "uuid": "6e52d8c1-15b2-49c3-bf00-6f3837d176d3", + "uuid": "1847034b-7699-47c8-8a65-fb8dd29ca11b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "46a1da96-16f2-4d7b-8476-20e4326e7b98", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b700895d-bf6a-449c-a883-c07c7cbd1b26", "description": "Add control implementation description here for item au-3_smt.b" } ] }, { "statement-id": "au-3_smt.c", - "uuid": "b52b39d5-bb0c-45e3-aa71-134281f829b9", + "uuid": "df9f23b7-e963-4422-9c6e-84645e12dfc0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "72d26026-79f8-44c5-9aa2-a44cc8c9641e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "94d6af20-bd13-41a8-91bf-4c60e7010c40", "description": "Add control implementation description here for item au-3_smt.c" } ] }, { "statement-id": "au-3_smt.d", - "uuid": "ffd0129d-5ed8-40d0-9c1f-fe73e8d8c9d9", + "uuid": "80e4a74e-e85d-4821-ab73-c9a8b0d773ba", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "777f6931-f67b-42c7-a35d-7767d87a94d9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d64995a0-9564-466a-a171-7aacbad42587", "description": "Add control implementation description here for item au-3_smt.d" } ] }, { "statement-id": "au-3_smt.e", - "uuid": "7ca283a2-8b06-4aa8-8aea-1dcc9be48478", + "uuid": "0157be41-3114-4cc9-bdb0-690981aefb9d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "49525c06-f606-4fe9-a5a6-08356ce5ab4e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f6f7d635-fcfe-42bf-820d-8f829f2f952e", "description": "Add control implementation description here for item au-3_smt.e" } ] }, { "statement-id": "au-3_smt.f", - "uuid": "a10026f3-611d-4ea7-89eb-5d13c36e9a5a", + "uuid": "692570e0-95ab-4e99-b2c8-6cb3caef1d94", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "07b32717-8cc0-4822-9caf-e66925548b24", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8b23ee3c-1374-48b2-b5b0-89a53098d6df", "description": "Add control implementation description here for item au-3_smt.f" } ] @@ -866,16 +866,16 @@ ] }, { - "uuid": "0bdaa690-372b-4c38-a09f-3e674dcad413", + "uuid": "896d739c-b4ed-4e47-95a0-76a24a63db4a", "control-id": "au-4", "statements": [ { "statement-id": "au-4_smt", - "uuid": "fb571984-0e92-4847-b6d7-b41603405a3c", + "uuid": "2280ff0c-c6d1-40a5-88f9-1544fed97c4d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4d497565-0850-4fdb-82a7-dbe288e19b36", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c5a60315-5292-4084-a0f0-56bd483fdef1", "description": "Add control implementation description here for control au-4" } ] @@ -883,27 +883,27 @@ ] }, { - "uuid": "c05197a8-a643-4e31-9723-e11556d6afe0", + "uuid": "9a917b63-f28d-4a80-9266-fb74c175ce9b", "control-id": "au-5", "statements": [ { "statement-id": "au-5_smt.a", - "uuid": "a9ea6752-4c55-4301-a104-d66e98e2baa5", + "uuid": "c4d4db6b-5751-46aa-8eee-c4c55211f5ae", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7b6e0453-9d7e-4635-9d77-5b930275491f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1372a5d2-a043-4c55-b4c1-6bc80156389c", "description": "Add control implementation description here for item au-5_smt.a" } ] }, { "statement-id": "au-5_smt.b", - "uuid": "ad56331e-580d-4b83-a95b-4d70e1fcd256", + "uuid": "5cc6a70a-f0d0-410d-8a02-9b6665bf4cf9", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7a119f65-7a33-4324-b5cb-e9060740b7ed", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0442722b-910c-4f5f-a153-8285a66a8d1e", "description": "Add control implementation description here for item au-5_smt.b" } ] @@ -911,38 +911,38 @@ ] }, { - "uuid": "690dffc8-d089-4b5c-b9fe-0f1fd77f9072", + "uuid": "c6514f1f-1fda-44cd-a10e-02719a2ba97d", "control-id": "au-6", "statements": [ { "statement-id": "au-6_smt.a", - "uuid": "90bf4da1-7780-45cc-aafc-8b179414d1ac", + "uuid": "92d477ef-0da3-43e4-9bb7-b91ceeef5b7b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "964ddef6-8cf8-4451-b2e5-6c65c673646f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ee8caab4-87f5-48a1-90a4-24162a40c974", "description": "Add control implementation description here for item au-6_smt.a" } ] }, { "statement-id": "au-6_smt.b", - "uuid": "ddc7e48e-2378-4eb6-8846-328ec01290c0", + "uuid": "9d9a898f-ecb8-4618-81ba-d48f3a961a78", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cd2b1e9d-f010-4b5a-ae14-248a0741c9ac", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "759cdf70-e8cd-4791-a1b7-93abf54aee62", "description": "Add control implementation description here for item au-6_smt.b" } ] }, { "statement-id": "au-6_smt.c", - "uuid": "ac0d9d00-6ba0-447a-a969-fc07be1b052e", + "uuid": "55a071e6-8939-431d-b120-4ac3bc39ee0a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "63c9aa76-3bfe-4bb1-9d66-64037d432c61", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a724ebf3-ba23-48fe-8c8d-a87dc4f65c18", "description": "Add control implementation description here for item au-6_smt.c" } ] @@ -950,27 +950,27 @@ ] }, { - "uuid": "40695377-7891-4411-ad2b-2b36887727ec", + "uuid": "d5ad03ed-f4a1-4f6c-9f5c-b8e645cef58b", "control-id": "au-8", "statements": [ { "statement-id": "au-8_smt.a", - "uuid": "4b3df300-ba75-41fa-ae0b-b8ea6e4c4405", + "uuid": "a128adbc-2afb-4710-8456-428b0916657b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ac9672f6-3354-49b1-85e4-f69ea2ad30c7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "da8b44dd-f3b5-44de-a872-21f33f5165b7", "description": "Add control implementation description here for item au-8_smt.a" } ] }, { "statement-id": "au-8_smt.b", - "uuid": "198086d5-8d2b-4981-b81f-94a4f69d4da5", + "uuid": "5b8d479e-80ea-4b41-8e83-1704e1e1065d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "668ca2ba-1d02-4607-b82c-907b12401811", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "deb61682-4682-4ec8-8ed2-6d8752fbf215", "description": "Add control implementation description here for item au-8_smt.b" } ] @@ -978,27 +978,27 @@ ] }, { - "uuid": "c5758a2c-04f5-4470-86eb-bf3bd094cef9", + "uuid": "ba748869-3733-4ba3-af46-ef0fd9331402", "control-id": "au-9", "statements": [ { "statement-id": "au-9_smt.a", - "uuid": "b771e137-950f-4ba2-b309-b1473acaae19", + "uuid": "d74c5336-d0f6-41d6-a79b-4c125a55269d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "58ced3f6-d6d4-4d43-829e-7fb3bd7e63a3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "fbbb40ad-9654-4d49-9fe6-54adb48b663b", "description": "Add control implementation description here for item au-9_smt.a" } ] }, { "statement-id": "au-9_smt.b", - "uuid": "3777411d-d69f-4f5c-9c89-1359616148d9", + "uuid": "b476116c-1df4-4477-a224-c16acbfdce38", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "783474e2-2cbf-4ac1-aa14-89c227fdeee8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e21e4e63-9cfb-4892-b38c-cb1e17f02f6f", "description": "Add control implementation description here for item au-9_smt.b" } ] @@ -1006,16 +1006,16 @@ ] }, { - "uuid": "a0cfcb30-ba0e-4a0b-bc08-cca3d1bc3739", + "uuid": "b6628000-1a32-427b-85fb-a333e7fc1057", "control-id": "au-11", "statements": [ { "statement-id": "au-11_smt", - "uuid": "dac3b1cd-8cda-4bca-a61e-d4d7795ef77d", + "uuid": "5b140433-f32d-4bd6-b44a-279744f6b6cd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "aebc0cf6-b04b-4793-acf1-8a5380edc50d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e10efffa-dee2-430e-9afc-a5c812444589", "description": "Add control implementation description here for control au-11" } ] @@ -1023,38 +1023,38 @@ ] }, { - "uuid": "335f8c2f-928b-416c-b452-280418a08fc5", + "uuid": "6d186c82-98ff-4803-80fc-e090ca2fc2cd", "control-id": "au-12", "statements": [ { "statement-id": "au-12_smt.a", - "uuid": "09407beb-1f1c-43a4-bd88-e87e6a738a99", + "uuid": "ce83ed98-f276-4081-ba46-1589dc43169f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4184f922-591c-45ff-ace6-a7d3ea2ef754", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "25da3675-8c52-4af9-835f-70a9ca94c2dc", "description": "Add control implementation description here for item au-12_smt.a" } ] }, { "statement-id": "au-12_smt.b", - "uuid": "60f44ac9-ee48-48f1-863e-7774196a5f52", + "uuid": "24a802b6-c8b0-48f1-bf3f-affb5e11c0d1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d742aa55-649c-4d9e-a426-9936c10c573c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c8c20e78-cb32-4f01-bb24-1f4b7f122f64", "description": "Add control implementation description here for item au-12_smt.b" } ] }, { "statement-id": "au-12_smt.c", - "uuid": "1f82c478-a44f-43da-9e1b-59aa51d864f9", + "uuid": "108e9a31-34ef-4f79-ad88-76d81c4bc75d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "84092fc6-c598-4721-85a6-9d7304e3f7a2", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3fb6c02d-beda-4c49-adeb-c8f2b953b868", "description": "Add control implementation description here for item au-12_smt.c" } ] @@ -1062,38 +1062,38 @@ ] }, { - "uuid": "ac14fdcf-034f-43b6-845c-5ec1cbd049e9", + "uuid": "cb09586b-33ab-4081-be8d-b254e18c7913", "control-id": "ca-1", "statements": [ { "statement-id": "ca-1_smt.a", - "uuid": "071191f0-68e4-4eb5-8ae5-5015a07ab902", + "uuid": "6312d300-2c01-4fbc-a7e5-bdbf60c2c312", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1e6db02f-f2c1-4214-9116-95f2a8387f1b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "11191935-0b2c-495e-800e-515c1ea895ea", "description": "Add control implementation description here for item ca-1_smt.a" } ] }, { "statement-id": "ca-1_smt.b", - "uuid": "78ea607c-1322-4b70-a9f2-ea50898450cf", + "uuid": "c63407b1-ef7f-451c-98d0-3186a9232934", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "996b8e27-434a-4deb-8cef-c7093b55c188", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "834c558a-7fe3-4d51-8aa9-b7c94bf5c383", "description": "Add control implementation description here for item ca-1_smt.b" } ] }, { "statement-id": "ca-1_smt.c", - "uuid": "5682a810-57bd-4a61-84a7-c4b4968a5d8d", + "uuid": "42ec8a69-3eeb-4cf1-bac9-6cbc8509f4aa", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "36b89a75-0628-4845-b549-94ced3660972", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c57b8614-65c0-4f1c-9b1e-f0e5e05d7b42", "description": "Add control implementation description here for item ca-1_smt.c" } ] @@ -1101,71 +1101,71 @@ ] }, { - "uuid": "28ad16c4-7c35-417a-86a9-bbe0bba671ea", + "uuid": "40eeba9c-8354-43f0-afc6-a96d14487cbd", "control-id": "ca-2", "statements": [ { "statement-id": "ca-2_smt.a", - "uuid": "3dc49c8a-42c8-46ed-81bc-12426143fdee", + "uuid": "b824b4a5-5fda-4837-8672-19269da15348", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "912d7f1c-da5b-452b-9202-aff87bc051d2", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ed2f2415-a4c0-422b-a069-88ae8a3dec1c", "description": "Add control implementation description here for item ca-2_smt.a" } ] }, { "statement-id": "ca-2_smt.b", - "uuid": "e1298c6c-38be-4bbd-ab64-3f52c7fcd7b7", + "uuid": "71e11449-c9e9-49fe-9b2f-d2556728908d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "46e56a25-e515-4a8c-a599-b51313340881", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ccaa84b2-0325-4c92-a618-d2945b7ae07b", "description": "Add control implementation description here for item ca-2_smt.b" } ] }, { "statement-id": "ca-2_smt.c", - "uuid": "77622175-af2b-460a-a89c-b7e860557a80", + "uuid": "39f1e720-fc8d-43e0-acf1-76ff6dce559b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "3f93a306-cb75-467e-9052-61a8009362fd", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ab302057-680e-4818-bbb7-0a6c0c07556f", "description": "Add control implementation description here for item ca-2_smt.c" } ] }, { "statement-id": "ca-2_smt.d", - "uuid": "38e632e4-3a53-4b18-9e1d-1f78bc5e71a1", + "uuid": "12155b08-4773-400e-9dc5-0ad4fa2ef1c2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "9b4de2fc-ec13-4443-abfc-11a167a08021", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1f74f515-a074-4359-8507-9a9a5ac26933", "description": "Add control implementation description here for item ca-2_smt.d" } ] }, { "statement-id": "ca-2_smt.e", - "uuid": "05b0aff8-508f-4fae-87b2-4898e3ddcb8d", + "uuid": "1433be3c-39a1-4caa-bd52-800eae8bf48f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "61241915-b64d-440d-af2c-82b99a06f5ac", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "915abe60-6d76-41f9-ae86-d67d348edee1", "description": "Add control implementation description here for item ca-2_smt.e" } ] }, { "statement-id": "ca-2_smt.f", - "uuid": "1ddcf14b-8013-4814-9c8b-480e6368e1cf", + "uuid": "20bec4bc-49a8-46c9-ad2d-2c81d3ccdfa4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d605aa3c-a141-4f67-83df-137c22c74817", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0860b8fa-8766-4166-a689-5e9834bd0ba3", "description": "Add control implementation description here for item ca-2_smt.f" } ] @@ -1173,38 +1173,38 @@ ] }, { - "uuid": "f064db16-33e3-4a0b-ad80-8e10a9d34867", + "uuid": "05cde52a-33b2-497a-afd8-fc689b0807bf", "control-id": "ca-3", "statements": [ { "statement-id": "ca-3_smt.a", - "uuid": "8c8ec80d-521f-4fd4-8e6c-5aac62d1b3eb", + "uuid": "4b281cc1-c98c-46fe-9ad4-3a60e1f48721", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1d2c90fe-be1c-45a8-9ae6-d547c4dce8ea", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a30845cb-03bc-472a-b527-82b58c7091ab", "description": "Add control implementation description here for item ca-3_smt.a" } ] }, { "statement-id": "ca-3_smt.b", - "uuid": "17475df7-aa9f-489f-98c7-a83ca8a743fe", + "uuid": "801c2ebf-7674-4226-b449-d669ede81591", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c02eec6c-0dbd-4a27-9724-a1116e6bdcb8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9279d328-12c0-48aa-918d-5b6817569666", "description": "Add control implementation description here for item ca-3_smt.b" } ] }, { "statement-id": "ca-3_smt.c", - "uuid": "884942a0-a02d-451e-8b93-af9f8d591d02", + "uuid": "420806ce-2842-4712-829d-81b09b880580", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ca11e616-e671-4dd9-9da8-0b3e53d6a658", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3f3d9165-6ea3-4544-befa-01a921158ba7", "description": "Add control implementation description here for item ca-3_smt.c" } ] @@ -1212,27 +1212,27 @@ ] }, { - "uuid": "ae5e6c26-270d-4210-b16e-107a24e5eb61", + "uuid": "5876a961-4fe3-498b-9a1c-420c038ee734", "control-id": "ca-5", "statements": [ { "statement-id": "ca-5_smt.a", - "uuid": "4373b640-a329-4115-a030-f8f0dddf7e52", + "uuid": "8666e45a-45e1-4849-874f-541828edb599", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "20099967-452c-4287-9b7c-21e85185daa0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3259538d-9c2f-46b9-9f75-222e3de62539", "description": "Add control implementation description here for item ca-5_smt.a" } ] }, { "statement-id": "ca-5_smt.b", - "uuid": "5c320ed4-55fc-4c42-9bbf-1651547fdda5", + "uuid": "0c43c62f-b055-4b75-b81d-a8f0e3675e1a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "2d4434a3-fdd6-4340-a6ed-f6ddb2a86f72", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f7ec3228-eb4b-4288-805d-c5af9d2bca82", "description": "Add control implementation description here for item ca-5_smt.b" } ] @@ -1240,60 +1240,60 @@ ] }, { - "uuid": "c0fd6ae2-614b-4a36-b0c3-812ae9bb277e", + "uuid": "d4194d8f-aeb4-4498-88a0-30cc2a2eeeba", "control-id": "ca-6", "statements": [ { "statement-id": "ca-6_smt.a", - "uuid": "a3faa2a4-29b0-412c-9452-2bc5b5c66270", + "uuid": "12ab40d4-1c20-48b3-b82e-80b95afd8985", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "2a7cff34-d376-490b-9466-48a5853e4be7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "919bd7df-1516-410c-835a-e1c57955a6f1", "description": "Add control implementation description here for item ca-6_smt.a" } ] }, { "statement-id": "ca-6_smt.b", - "uuid": "de9c3d28-fb42-4316-a4d6-359d5deeda62", + "uuid": "e320752e-1b82-46a8-af11-c80619ca0709", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7f3ef9fd-7b2d-4d02-874a-f8de469b98ea", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "aaeb6129-44da-425d-b854-d9a5630272e5", "description": "Add control implementation description here for item ca-6_smt.b" } ] }, { "statement-id": "ca-6_smt.c", - "uuid": "62353ed3-28a3-4a68-8732-0b4911cfd594", + "uuid": "8be97385-0d44-408a-8da7-39d5b9009d36", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a63b89b1-3f0a-4d60-aa59-7a4479b7f0e3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0fd55ced-15ae-4a33-a510-8e11c70c7d93", "description": "Add control implementation description here for item ca-6_smt.c" } ] }, { "statement-id": "ca-6_smt.d", - "uuid": "1692f7ef-b05c-4ca8-828b-520402bf42f0", + "uuid": "2ae9f077-1d29-43e9-832a-b13dc248294f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f016c777-3c61-44d9-853d-73476393bb22", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e96a1bbf-ae6c-4f6c-81a9-2da325fe70aa", "description": "Add control implementation description here for item ca-6_smt.d" } ] }, { "statement-id": "ca-6_smt.e", - "uuid": "6c53fbae-c408-416c-bfb8-8f9117fa661e", + "uuid": "006038ec-d1c0-468c-8b1f-64d17ca637c2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "69dc7664-9ee8-466f-8f6e-1ddb8a00da0b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "fd214b51-014c-452d-a8ec-3ae7160a95f1", "description": "Add control implementation description here for item ca-6_smt.e" } ] @@ -1301,82 +1301,82 @@ ] }, { - "uuid": "2b027611-7cb4-40d6-9f6f-cdd20a5f5113", + "uuid": "10605c21-2482-4bb8-b0ff-c29f5d92f671", "control-id": "ca-7", "statements": [ { "statement-id": "ca-7_smt.a", - "uuid": "aa1a510d-2a57-41ef-9ecd-61e948b61ab2", + "uuid": "5fe859d9-eb8e-4eca-b008-d4c658448d0e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "685b9493-0ee9-4219-ac12-84a71a058cc9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "130f0c74-9794-48e4-91a0-106e2bdf8450", "description": "Add control implementation description here for item ca-7_smt.a" } ] }, { "statement-id": "ca-7_smt.b", - "uuid": "134c63a2-69af-4c14-b20b-2aae90551125", + "uuid": "a21bd48d-5b1b-475f-b695-896961cd20d0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "19a69c4a-2fc3-4408-aeee-4faa386a3e4c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "cf785dd2-d592-4bf9-8bde-b5177ef3c2a0", "description": "Add control implementation description here for item ca-7_smt.b" } ] }, { "statement-id": "ca-7_smt.c", - "uuid": "750f2e7a-c131-43be-8bb0-0af5d858c877", + "uuid": "1afce6e1-8c70-4306-a2d6-8af798e70228", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4ab99b74-4fb0-4bc7-9e79-c5aa2540f8aa", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ff42475f-e9bd-4a22-8cc4-2591802c72a0", "description": "Add control implementation description here for item ca-7_smt.c" } ] }, { "statement-id": "ca-7_smt.d", - "uuid": "48690e07-bb36-4341-a009-8cee7b6aefe3", + "uuid": "7f0dede6-e8fc-464a-932d-0e7fd731c69b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0943f29c-72fa-41a4-bb35-7acdb6d95959", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "bfa49940-dd78-4985-ae54-22b5679ba439", "description": "Add control implementation description here for item ca-7_smt.d" } ] }, { "statement-id": "ca-7_smt.e", - "uuid": "b8edf63e-fb51-4923-a43c-cc85020ce738", + "uuid": "a024e655-d126-4c3e-8a1b-d2cdf9e1aae0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "45e45e6b-4e6e-4cd6-97a3-59c2edbe3eab", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b7141fa8-d7f5-4b2b-922b-25e3cabc56cf", "description": "Add control implementation description here for item ca-7_smt.e" } ] }, { "statement-id": "ca-7_smt.f", - "uuid": "94997bc4-78bb-4e77-9b43-720ce3db9a06", + "uuid": "3427c99f-d9e4-4f28-85ab-c25ba9f44e25", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1fd09f29-b723-4359-b0b7-522faa4787db", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d336fd95-b043-453a-bc1c-b6144efb1993", "description": "Add control implementation description here for item ca-7_smt.f" } ] }, { "statement-id": "ca-7_smt.g", - "uuid": "157b987f-142c-463a-ac6a-f35d3db279ac", + "uuid": "af20c23b-66e5-4d8b-9b28-577f5a960155", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0f14198e-34ea-4795-8c2a-ad8615aa8f18", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5011da53-0821-44bd-b1b7-20780555f880", "description": "Add control implementation description here for item ca-7_smt.g" } ] @@ -1384,38 +1384,38 @@ ] }, { - "uuid": "880a47ca-4f9a-4a00-b334-8273841bad44", + "uuid": "8c08368d-4882-48a2-bb4c-70c7e7c78363", "control-id": "ca-7.4", "statements": [ { "statement-id": "ca-7.4_smt.a", - "uuid": "bd19d2dd-db1b-4f72-9489-9019e050f669", + "uuid": "369dc158-1963-4020-8ad7-78441479c8ed", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1e780336-8ad5-4dc4-88aa-4e59b22ded09", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7991dd08-4785-41e8-bc25-8c83397986be", "description": "Add control implementation description here for item ca-7.4_smt.a" } ] }, { "statement-id": "ca-7.4_smt.b", - "uuid": "4b130725-4c65-4c29-85a5-edc7ae52ab83", + "uuid": "5234efd9-d474-4e56-94ac-bf6ad103eb6a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d1594072-d75b-44d5-8af3-890e6a263686", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "cf37ec28-866b-49cc-be28-3bd5266cd3c9", "description": "Add control implementation description here for item ca-7.4_smt.b" } ] }, { "statement-id": "ca-7.4_smt.c", - "uuid": "a97e90d0-5d0a-4d09-88e4-9eeeee943a74", + "uuid": "9a401728-cbe1-4d6f-9999-9723e754fe1f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d29951f8-838d-4ec8-9654-54bbf5487b55", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "91bea080-c7d5-464c-b43c-7aaa3912bf45", "description": "Add control implementation description here for item ca-7.4_smt.c" } ] @@ -1423,49 +1423,49 @@ ] }, { - "uuid": "9ef03fd9-8d15-4a0f-a2a3-1296a23ca3a2", + "uuid": "8025e5f3-9218-4652-8c57-65c4cebbe3fe", "control-id": "ca-9", "statements": [ { "statement-id": "ca-9_smt.a", - "uuid": "38fef2c2-c748-4e92-8ce5-44999de1caab", + "uuid": "43218026-58ac-4a0e-873b-3a7590e4fd12", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ccb5e4ef-12f5-4797-ab22-0a0074f2376f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f6c61cae-fe0a-4a79-8db8-bf75418094e2", "description": "Add control implementation description here for item ca-9_smt.a" } ] }, { "statement-id": "ca-9_smt.b", - "uuid": "226f1082-542a-4316-a958-586f9d36e647", + "uuid": "979bd8e9-3f79-4c94-baa9-64fbadd511a4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "bda8f419-45a7-4944-af95-543a1b4a0540", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ebc0b47e-e8a5-4042-8540-c82787e16e7a", "description": "Add control implementation description here for item ca-9_smt.b" } ] }, { "statement-id": "ca-9_smt.c", - "uuid": "6c2cce54-bf49-40c9-987e-400f20378dbd", + "uuid": "1e735d09-24eb-4178-a063-4d3033a15508", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "9e7c5168-34d4-4979-b5be-010ce462289c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f3412d36-9d51-48c0-a1b6-13e8525d2663", "description": "Add control implementation description here for item ca-9_smt.c" } ] }, { "statement-id": "ca-9_smt.d", - "uuid": "56685481-56a2-4b1a-9684-634c8ab146b7", + "uuid": "a71155f6-7f9c-4472-bb25-21b5c85c0977", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cb2d0015-150f-42ca-af25-240a89635504", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8ba5cd30-88af-4f38-af4f-57a7f0e0c243", "description": "Add control implementation description here for item ca-9_smt.d" } ] @@ -1473,38 +1473,38 @@ ] }, { - "uuid": "5dde093d-a561-44a6-be01-d08479260e2d", + "uuid": "6a0c0ea0-df82-4bef-aeca-531896970811", "control-id": "cm-1", "statements": [ { "statement-id": "cm-1_smt.a", - "uuid": "19432734-6571-4a20-b9ab-eddaee8a5ee0", + "uuid": "70660023-159a-42bc-ae93-ff4baef37990", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "06e1a306-a04a-4024-81ad-4e5c1533bc4f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f0b6625e-9839-42a6-82da-888fa77fdb10", "description": "Add control implementation description here for item cm-1_smt.a" } ] }, { "statement-id": "cm-1_smt.b", - "uuid": "e8b5773e-2408-4917-820c-2442d503e34d", + "uuid": "c819fd69-6ea0-4d28-a5fc-7a20e848aa7f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "9f330efd-c826-4890-b739-b19b72d68a0f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "73426b75-ea15-4635-a4a2-4c019ac4c73c", "description": "Add control implementation description here for item cm-1_smt.b" } ] }, { "statement-id": "cm-1_smt.c", - "uuid": "7534003f-491e-410e-a69b-93ccc9025f16", + "uuid": "129931f0-cc30-4517-9139-28dae7022e28", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c690dbf2-0370-4f80-9451-43e731664278", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d0f65ac2-d85d-48ed-8706-1a8eb6dcf6e6", "description": "Add control implementation description here for item cm-1_smt.c" } ] @@ -1512,27 +1512,27 @@ ] }, { - "uuid": "8e5998c5-a464-4082-8418-63ad19915c1c", + "uuid": "6b32d812-129f-4c05-9571-5e0aa6e352da", "control-id": "cm-2", "statements": [ { "statement-id": "cm-2_smt.a", - "uuid": "d53861fa-8de4-4c3b-8501-c6a8432bd2e8", + "uuid": "056ae565-e5db-4bed-adae-562b583bbeb9", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "aae7d42a-595c-4e3c-9dec-2fdc43a36c91", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e1e73b85-9965-4b08-8714-d0d7051ed5c3", "description": "Add control implementation description here for item cm-2_smt.a" } ] }, { "statement-id": "cm-2_smt.b", - "uuid": "cfcabd0c-a303-4ca2-801a-a56d606147e8", + "uuid": "b1aeea12-ef90-442c-8134-dcb65965e15c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "fa677992-c1d9-4e71-a1a7-61447a4d78a5", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "61ec2ff8-7fb6-483a-8575-430131b91106", "description": "Add control implementation description here for item cm-2_smt.b" } ] @@ -1540,16 +1540,16 @@ ] }, { - "uuid": "eb8faf31-1115-4c65-b010-144260439efb", + "uuid": "5bdea050-d965-4e03-af06-fd860eaeedd7", "control-id": "cm-4", "statements": [ { "statement-id": "cm-4_smt", - "uuid": "54b0e537-b687-40be-af54-9484e7c2f9e2", + "uuid": "9b7c6ee0-eacf-41ff-9977-11bf6b1a9d06", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b2f5f98a-6db1-45ef-a1d4-c009c81af006", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "42bcc35f-d046-4b66-b3c5-b917eb87d06d", "description": "Add control implementation description here for control cm-4" } ] @@ -1557,16 +1557,16 @@ ] }, { - "uuid": "620ba024-cbf8-4257-93d0-9aca55c75664", + "uuid": "2069ef67-8844-45b2-917d-34ee9321d1ab", "control-id": "cm-5", "statements": [ { "statement-id": "cm-5_smt", - "uuid": "44044157-f248-47b6-81a4-62f50188d7c1", + "uuid": "ee56bd8f-8a80-4617-93c6-0900a7cb25b1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "61201a01-428c-4acd-979f-e093538b0225", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "576f6e62-0e09-496f-a3de-50563ab935e4", "description": "Add control implementation description here for control cm-5" } ] @@ -1574,49 +1574,49 @@ ] }, { - "uuid": "f8214d48-bc88-4ab7-8c1e-84bb1368b19b", + "uuid": "1d89f24a-f7d8-4c8f-8035-c70699864db6", "control-id": "cm-6", "statements": [ { "statement-id": "cm-6_smt.a", - "uuid": "0a4040a1-b923-4ce3-97d3-a50f36183d01", + "uuid": "8265b9e9-7379-490d-8f93-2010f97585e4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f9584a49-9135-4d64-ae3e-34757f432a0b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4253b39a-d2a8-4eba-909d-a6e29068a90b", "description": "Add control implementation description here for item cm-6_smt.a" } ] }, { "statement-id": "cm-6_smt.b", - "uuid": "9a874b55-542f-4873-92c6-1e55920e1f9e", + "uuid": "c04b9dd7-0144-46b0-9513-94caf2a9f34c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "22ad4021-bb60-44be-98dd-bf2bc61a2338", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a95d88d7-f4e9-4ff3-9456-10767f0ba275", "description": "Add control implementation description here for item cm-6_smt.b" } ] }, { "statement-id": "cm-6_smt.c", - "uuid": "02d5e586-1854-4f8a-8674-da59204be98b", + "uuid": "e4bf64e5-980c-468a-8f50-639d0e9539e0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0655a7e1-9884-48b9-968b-bef78b88539c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f98ad43a-5f74-4daa-a5da-7656fb634896", "description": "Add control implementation description here for item cm-6_smt.c" } ] }, { "statement-id": "cm-6_smt.d", - "uuid": "f8b0fe45-e840-47af-81e4-59af4e3357e0", + "uuid": "fdcc147f-125d-43ab-aded-a01ffb0717ca", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "63e84e1d-401a-4374-935f-cde6663d333b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "17759914-a18f-47d5-a4ca-534575e4102f", "description": "Add control implementation description here for item cm-6_smt.d" } ] @@ -1624,27 +1624,27 @@ ] }, { - "uuid": "21f4aeae-a285-4c6b-96c5-660a685e38b5", + "uuid": "e55e8756-f9b1-41c0-9834-4b010e313eb6", "control-id": "cm-7", "statements": [ { "statement-id": "cm-7_smt.a", - "uuid": "2360c85e-a7b6-417c-9ac0-9ced66e9f500", + "uuid": "932b88f2-a2ed-4a91-a6b8-774e30e4c0a0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "626b7712-58ac-43b9-b6b1-3eb4372b876f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8d4b04d6-f9e3-4d64-bda1-358091e3541a", "description": "Add control implementation description here for item cm-7_smt.a" } ] }, { "statement-id": "cm-7_smt.b", - "uuid": "86e48acc-0a7b-49a7-817b-72d88459cb6b", + "uuid": "202a3779-13a0-4a06-8550-aa4c440be21e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5f63a1cc-a984-40a8-ac9d-a3d2fe8b4380", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "00aa00f2-8bfe-4f4b-8e54-5108272b78f7", "description": "Add control implementation description here for item cm-7_smt.b" } ] @@ -1652,27 +1652,27 @@ ] }, { - "uuid": "91f09af6-3ee5-4916-85f2-22462926d86b", + "uuid": "90adf7dd-c0f6-48b9-8c7a-342294bebbc3", "control-id": "cm-8", "statements": [ { "statement-id": "cm-8_smt.a", - "uuid": "22f3a8eb-f6fb-4b71-86da-8e006ff1ed22", + "uuid": "72de641d-3540-4733-859d-67dd8ebb5f9a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "41666b31-8c7e-4826-b2df-74b230b5f0ac", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "575fa3bc-b8fc-4de0-afd8-77422bc24769", "description": "Add control implementation description here for item cm-8_smt.a" } ] }, { "statement-id": "cm-8_smt.b", - "uuid": "c674e54e-e614-416e-8542-70f913e317c8", + "uuid": "ca1a52f9-6aef-488c-87b6-e7bf24859ca0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1136fd03-34df-4236-94e3-f659f2164f7f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3d56e716-8e9e-44b4-936c-375703642f00", "description": "Add control implementation description here for item cm-8_smt.b" } ] @@ -1680,38 +1680,38 @@ ] }, { - "uuid": "2b84bdf9-f70d-4a60-921d-e139b55ed63d", + "uuid": "2d7811dd-0965-442c-8b7d-110e0302ced1", "control-id": "cm-10", "statements": [ { "statement-id": "cm-10_smt.a", - "uuid": "b7b3caa6-b594-457c-b720-e1c1929a2736", + "uuid": "b3a88625-7c43-40cc-abe4-455744aec7bf", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "2cab5c7a-9cb8-4aa8-9684-b389cd64c8f1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "40d2d61e-d3aa-4fc5-89ec-c6f55c829309", "description": "Add control implementation description here for item cm-10_smt.a" } ] }, { "statement-id": "cm-10_smt.b", - "uuid": "4bb3ee2d-4bab-4e36-bd62-a88c540c83c3", + "uuid": "140d6987-68c8-421a-a43a-beb1404538e7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e3736365-2e42-44de-96a6-ee0a0f688cc1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9c1396b8-2b84-463c-96f8-c15a14cc6977", "description": "Add control implementation description here for item cm-10_smt.b" } ] }, { "statement-id": "cm-10_smt.c", - "uuid": "cc29c0f1-1cc3-413b-a102-2a3f8a0cbf30", + "uuid": "37d46929-f9e6-4656-a0a4-4a77f3d72c3d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "9df4d6b3-b69f-4f30-ad2e-0e6bb9c800af", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8517674c-5f36-43f1-a3b8-ae6d5a995695", "description": "Add control implementation description here for item cm-10_smt.c" } ] @@ -1719,38 +1719,38 @@ ] }, { - "uuid": "572cdd86-e33c-41c6-990e-d6170b0571cf", + "uuid": "d497e260-34b7-4bec-96da-7799dd85c6b3", "control-id": "cm-11", "statements": [ { "statement-id": "cm-11_smt.a", - "uuid": "f72cf780-e662-46bf-a3a1-bbc9d6e0bcbb", + "uuid": "5cf959d9-da9d-43a4-a906-156bf954ea82", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "41da5241-61c7-4a75-9b32-3cd8c1cd0698", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c81eafa7-1000-4f3f-b828-d1266fe3072b", "description": "Add control implementation description here for item cm-11_smt.a" } ] }, { "statement-id": "cm-11_smt.b", - "uuid": "cb27669d-a74a-4309-9dd6-8cc2e67c70b3", + "uuid": "ea27454b-6b69-411a-8605-3110bdbbf623", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "74dc5ada-7ea7-4b1d-9b5f-53080e7c8d00", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "90581117-8def-440b-b059-4db257304eeb", "description": "Add control implementation description here for item cm-11_smt.b" } ] }, { "statement-id": "cm-11_smt.c", - "uuid": "31d4ce68-297c-4051-b49d-fc0e2b9ad30c", + "uuid": "dc214f67-32fd-4c91-903a-9a619daa8547", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c7767526-6201-4640-b151-144e98f18f81", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "2b270d26-d969-486e-9e4f-90594880ffa2", "description": "Add control implementation description here for item cm-11_smt.c" } ] @@ -1758,38 +1758,38 @@ ] }, { - "uuid": "6f5473fc-78e9-439d-878f-3d915dc8f756", + "uuid": "d3f878ff-6c2e-4b5f-b4bd-f722f446e6a4", "control-id": "cp-1", "statements": [ { "statement-id": "cp-1_smt.a", - "uuid": "3311daf1-bcf3-406f-b242-e7e0cbac6a36", + "uuid": "b82be363-28d6-40bb-904b-288e65f4cbed", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "10c3fec4-d7f8-4d9b-b2dc-3a5335c7d141", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d1074b7b-8316-4905-b175-e16ad0385755", "description": "Add control implementation description here for item cp-1_smt.a" } ] }, { "statement-id": "cp-1_smt.b", - "uuid": "bb42698e-e326-4e36-a4b2-2207da7dda00", + "uuid": "8635d2a7-b6b9-4ec4-9220-badbfe10bb06", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "da22aaa3-b5f7-48cc-9cd8-ce329cab7e82", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "bd4e338c-7ea4-4c49-9df0-3d31d63acf9f", "description": "Add control implementation description here for item cp-1_smt.b" } ] }, { "statement-id": "cp-1_smt.c", - "uuid": "575c25b0-3cf3-4ad2-95ea-71966fb3e4c7", + "uuid": "613bfbc2-3c9b-4fc0-936d-0516c3237c04", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "54ad863a-3fdf-492d-bddb-05326442ed0e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "514a0e40-5a7d-49a4-8bc4-c485ab4fe4d2", "description": "Add control implementation description here for item cp-1_smt.c" } ] @@ -1797,93 +1797,93 @@ ] }, { - "uuid": "0ed0e4c3-cdf1-40f7-b92b-691bdba58136", + "uuid": "c27ba59c-bf50-4ac5-b754-d736af7af19f", "control-id": "cp-2", "statements": [ { "statement-id": "cp-2_smt.a", - "uuid": "5c0a1bfe-2ab9-404e-92d6-73694ab6e335", + "uuid": "86ee1f1d-01eb-480e-8e19-4bf24271129f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f7949101-1157-43ee-acb2-d488e575154d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a1724ea0-ffb7-4034-b39b-3b775eed21bd", "description": "Add control implementation description here for item cp-2_smt.a" } ] }, { "statement-id": "cp-2_smt.b", - "uuid": "b1571801-7ab2-41b0-81b9-3c3e3430cc53", + "uuid": "f7e5e635-534f-47cd-96c1-6644e13555f8", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b42a2a93-a42d-4148-99f0-23d84f8a52b0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c92136e2-f9ac-4be5-a075-5f9a968cd8d3", "description": "Add control implementation description here for item cp-2_smt.b" } ] }, { "statement-id": "cp-2_smt.c", - "uuid": "c2664f6b-a7ac-47bd-b3c4-6641fada9360", + "uuid": "09ffc936-6d81-4cf2-ba89-75dd2f313f80", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ac63af4a-eaa0-47b3-a227-681db13b5b70", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d28a0dcf-176d-4b95-884c-1860ac9cf1ca", "description": "Add control implementation description here for item cp-2_smt.c" } ] }, { "statement-id": "cp-2_smt.d", - "uuid": "667ce5b7-e0b5-420e-8e48-2ce377b24db4", + "uuid": "f5de3b55-18be-4996-9081-fc15929814f7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f0e7bb9d-abee-46c4-a58e-35cb02488396", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "65775e8f-f375-4a61-81ee-4b0be6a6cba1", "description": "Add control implementation description here for item cp-2_smt.d" } ] }, { "statement-id": "cp-2_smt.e", - "uuid": "c7294914-3177-4778-8efa-8d00bd3ba3c7", + "uuid": "401f5fa0-0f62-408b-b671-63f1bdfd6ec6", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6c12447a-ad59-4e22-8f39-45ec3dce2d9b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e6164dc8-0e28-4439-9357-d7f67d052711", "description": "Add control implementation description here for item cp-2_smt.e" } ] }, { "statement-id": "cp-2_smt.f", - "uuid": "d160bd3a-8518-4173-9ff9-44d47397f7f6", + "uuid": "090c137a-d865-40d4-8c17-7d3d8602d8a5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "265d06c7-9960-4fc6-954f-18b8278df833", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "2fe05e33-30a1-455e-8e4c-02d1d998ac3c", "description": "Add control implementation description here for item cp-2_smt.f" } ] }, { "statement-id": "cp-2_smt.g", - "uuid": "dab50fe9-6a81-4922-8df5-027517d2b9ae", + "uuid": "1c6adb26-9f60-4f47-b359-52ad07b04413", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6e736060-bfce-477b-87c9-87785cf48765", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "831817cc-b044-4646-adc3-35efccf93cff", "description": "Add control implementation description here for item cp-2_smt.g" } ] }, { "statement-id": "cp-2_smt.h", - "uuid": "3a187b12-6923-4770-8a38-7a2e5b78cafc", + "uuid": "2fec1502-13c8-45bc-bf11-61bd93384399", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6ca2d958-a4d7-47d7-a959-e9961fb89d23", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0a97136d-c643-40be-b6c3-e78881c74cce", "description": "Add control implementation description here for item cp-2_smt.h" } ] @@ -1891,27 +1891,27 @@ ] }, { - "uuid": "f1feafef-95e7-440a-a1a4-e06f729da9df", + "uuid": "0dc812a8-275a-4ad4-a069-3bd794586180", "control-id": "cp-3", "statements": [ { "statement-id": "cp-3_smt.a", - "uuid": "bf5394e0-8954-489c-9afb-0bfd7befbb01", + "uuid": "ea9507e2-b273-4f11-acc3-ec8c2ec2e1f2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "02d17edd-885e-4603-ae79-a69531c1395e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7b5102a3-0aa6-4ca0-a310-fedc11113411", "description": "Add control implementation description here for item cp-3_smt.a" } ] }, { "statement-id": "cp-3_smt.b", - "uuid": "ee7f46f8-dcf8-48b6-baad-d0f34d0e8c05", + "uuid": "19959b09-03d0-4cc3-89ae-711ec7554587", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "03bd0b0f-1151-4839-9dcb-b6440b77e05d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5f723e22-e5ce-407e-beea-682ceaf6402a", "description": "Add control implementation description here for item cp-3_smt.b" } ] @@ -1919,38 +1919,38 @@ ] }, { - "uuid": "f58adecb-f6aa-4997-9da7-42d59051ead2", + "uuid": "523676f2-53eb-401e-b376-e35721568112", "control-id": "cp-4", "statements": [ { "statement-id": "cp-4_smt.a", - "uuid": "04e46863-8501-4249-9639-babec8daf767", + "uuid": "76990e9f-2c7a-4ea7-ae0f-6ffceda8a7d9", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7e18b9f5-c676-467d-a360-b0b6ea6758fd", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "2494c6a7-28df-4b8d-8b5f-d6133008b774", "description": "Add control implementation description here for item cp-4_smt.a" } ] }, { "statement-id": "cp-4_smt.b", - "uuid": "1d8aff09-fe04-457f-9f5e-8a03ba70adee", + "uuid": "cf1b2836-63f1-4158-bdd4-a4867c44446a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0f06e521-bb30-4be4-8c67-2fa2161a21a7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "bf35a993-85c5-4988-9ebf-516df9e77e1d", "description": "Add control implementation description here for item cp-4_smt.b" } ] }, { "statement-id": "cp-4_smt.c", - "uuid": "7e79250a-64a4-4549-b257-9d71b8efccea", + "uuid": "4cb27a9e-73bd-43f8-91b3-a6eadfc6b82c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f4af08b8-2b10-4bc1-b77a-42af7e64f9d9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b0a9f47d-8587-46ae-a9fa-8e8a802b1a2a", "description": "Add control implementation description here for item cp-4_smt.c" } ] @@ -1958,49 +1958,49 @@ ] }, { - "uuid": "69b400f4-6e05-473c-aecb-56117d090832", + "uuid": "69fdca57-530f-4f95-a60d-d874cb4a7473", "control-id": "cp-9", "statements": [ { "statement-id": "cp-9_smt.a", - "uuid": "4cf5e062-154e-46cb-aac9-ac1a61aabf06", + "uuid": "b1838872-90fa-4dcf-ad13-d7ee9da14bcd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "88e34b0f-3215-485d-92ee-2956574da9f8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7c5fe248-fbdd-4e6a-88b2-b0bae8fbeeb7", "description": "Add control implementation description here for item cp-9_smt.a" } ] }, { "statement-id": "cp-9_smt.b", - "uuid": "fd5b7748-8eff-4729-bdce-e6a63ea2ed65", + "uuid": "685ed009-9b56-47f8-9dd0-a9eaa69d4e56", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "419d3ca9-af06-432d-874d-1fad1418d33b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ed439385-ab6e-4829-a496-b3301b48ca5d", "description": "Add control implementation description here for item cp-9_smt.b" } ] }, { "statement-id": "cp-9_smt.c", - "uuid": "91b3a750-dc9d-4938-a3c4-161b288c79aa", + "uuid": "f1d3be21-eb22-4995-8fc7-2e298d932278", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f1650f6e-fc51-4bd2-99a6-b9b57af6bac0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6c78028d-683e-4271-949d-884d6a9eb508", "description": "Add control implementation description here for item cp-9_smt.c" } ] }, { "statement-id": "cp-9_smt.d", - "uuid": "2dada1af-c281-4aa5-a886-63166a52be72", + "uuid": "9625822a-17c4-4f92-a49a-acca2b15643c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "619ab715-ac1a-4df0-8b15-923b7a5813d4", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "808786e7-1025-45e8-9087-97422b9674b3", "description": "Add control implementation description here for item cp-9_smt.d" } ] @@ -2008,16 +2008,16 @@ ] }, { - "uuid": "586ce779-c751-425e-b61f-13e3a43801e2", + "uuid": "8ddbc456-daf9-4107-8023-2c6e23be5c8a", "control-id": "cp-10", "statements": [ { "statement-id": "cp-10_smt", - "uuid": "6fe19d4c-b467-494b-93ee-6cffbc48930f", + "uuid": "89de1e8c-eb9d-418e-bd6f-62ef405ffcc2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b341c282-52a9-45ec-8f6c-15faa60e0ff7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "83401ac4-72b9-4dfd-95d8-5cf806686032", "description": "Add control implementation description here for control cp-10" } ] @@ -2025,38 +2025,38 @@ ] }, { - "uuid": "5a8a12ac-cac8-4e69-b51d-0907119130da", + "uuid": "31acd4f3-0a73-4d3a-9d47-d50d39980338", "control-id": "ia-1", "statements": [ { "statement-id": "ia-1_smt.a", - "uuid": "b5db0927-4d5e-48bb-ae92-9ccfb3e4793a", + "uuid": "978afb78-6144-45f8-b9e3-726cd1439f0a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "09c75b3e-1e5d-4464-9a74-890d30006c56", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b97b6876-964d-4ab4-86c2-ffac914eddbe", "description": "Add control implementation description here for item ia-1_smt.a" } ] }, { "statement-id": "ia-1_smt.b", - "uuid": "29aa7f1d-af3c-4dd6-b619-f89eff1e6c7e", + "uuid": "d0e3ea07-2f45-42b8-91c2-4cd2813492fa", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e71f475b-bc5b-4063-938c-8cf9bd643a1d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0a855948-bc89-4e48-9e86-a77efcbd5b3b", "description": "Add control implementation description here for item ia-1_smt.b" } ] }, { "statement-id": "ia-1_smt.c", - "uuid": "3946c5d4-4650-4b87-8d40-9957819e73e4", + "uuid": "b8ff6cc0-9fe7-4011-9ec3-649169528740", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "9b4b35dc-15e5-4394-a493-3f9195260044", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3facef06-7ae5-468e-8d4e-4516dff5e946", "description": "Add control implementation description here for item ia-1_smt.c" } ] @@ -2064,16 +2064,16 @@ ] }, { - "uuid": "629d2342-6e52-4676-ae35-0900c76a45ca", + "uuid": "60c47624-c680-4769-a72f-f54e718e4909", "control-id": "ia-2", "statements": [ { "statement-id": "ia-2_smt", - "uuid": "221c07b7-de12-41ea-a4a4-2bf1f1335d11", + "uuid": "913d757d-668a-4bd6-9f8d-647449421f87", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e5682c13-0a8c-40e5-a070-257d39934631", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "824e9636-b940-4aa3-a9ee-7646ddb2336f", "description": "Add control implementation description here for control ia-2" } ] @@ -2081,16 +2081,16 @@ ] }, { - "uuid": "67ad17f8-1687-4733-a3dd-ee470987f7d5", + "uuid": "96d879af-59e3-45c1-8452-4e16379edbb2", "control-id": "ia-2.1", "statements": [ { "statement-id": "ia-2.1_smt", - "uuid": "394cf090-5204-4953-8e8e-a32ced8c46f1", + "uuid": "f277d1a0-e240-4a98-b3c9-ab3d47d9d49e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e7802707-be16-4e63-a17b-b5ddde519722", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e0f88f44-fd22-465d-8192-f82eba091d93", "description": "Add control implementation description here for control ia-2.1" } ] @@ -2098,16 +2098,16 @@ ] }, { - "uuid": "76edc0a7-653b-4304-8cd1-6b9b045c2f47", + "uuid": "d1b88337-95f9-4c71-b42b-224a3e8601fb", "control-id": "ia-2.2", "statements": [ { "statement-id": "ia-2.2_smt", - "uuid": "b7722336-13b4-4fdf-a372-9574bf60ca1b", + "uuid": "26ae62a5-389c-4031-87c9-5a1df17bb5b7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "24c548ee-6477-4340-b318-991fda44ec6d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "130e1abd-c16e-4fca-a90c-e0d423939aa3", "description": "Add control implementation description here for control ia-2.2" } ] @@ -2115,16 +2115,16 @@ ] }, { - "uuid": "5b8adb08-2a58-4b99-b403-14e03562cea7", + "uuid": "69c15b37-3f7b-4d65-8a18-ee61d437d5ea", "control-id": "ia-2.8", "statements": [ { "statement-id": "ia-2.8_smt", - "uuid": "449c8ff2-30cf-48c5-aa7c-f4699e2f2763", + "uuid": "c83a401c-6d85-4084-a173-9dad2beff869", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "2639a489-c6b7-4eb1-b68a-69fffbe664f3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1d0fd512-83c7-4270-9cfd-17e901e00d26", "description": "Add control implementation description here for control ia-2.8" } ] @@ -2132,16 +2132,16 @@ ] }, { - "uuid": "61fd83a9-756c-4571-93eb-b936a470b7f7", + "uuid": "251b550a-d841-4ff2-84c8-4fd5788c2851", "control-id": "ia-2.12", "statements": [ { "statement-id": "ia-2.12_smt", - "uuid": "da1c7090-1661-477f-a2a3-f2dfb2eb34d4", + "uuid": "16143885-fc13-4318-907a-0d8bfdefb76f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1e8148cc-edf7-48d6-803c-b72aa1940486", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5a056cb0-ff49-4244-aa6e-96b559215cf4", "description": "Add control implementation description here for control ia-2.12" } ] @@ -2149,49 +2149,49 @@ ] }, { - "uuid": "e205763b-b558-4f66-9305-7dc186201bfe", + "uuid": "3fed3504-433c-4aea-a269-812d589c9b9b", "control-id": "ia-4", "statements": [ { "statement-id": "ia-4_smt.a", - "uuid": "8f1979b7-52a8-4216-9486-4b326e73a691", + "uuid": "31bb4a36-8567-4d4f-8b60-eb92fb5218e1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "83a82585-41fd-43b6-a364-ebed0dd038a1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "55cb0707-c177-43f5-8ad2-d34077bc33a4", "description": "Add control implementation description here for item ia-4_smt.a" } ] }, { "statement-id": "ia-4_smt.b", - "uuid": "34a3e52a-94a4-4ce5-a2dc-46fd6c1481ca", + "uuid": "81cded86-a48a-4dc9-99cd-a22611a3131d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "3f9881af-e64e-4b62-bf44-108e0eed4a62", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5ebb77b4-8e69-4576-a786-40c98537c95c", "description": "Add control implementation description here for item ia-4_smt.b" } ] }, { "statement-id": "ia-4_smt.c", - "uuid": "5240fbfa-0bee-4bd1-bc8f-9ad42470144b", + "uuid": "24810889-2a8c-4f6f-8b23-463c52cf4575", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "78f7c79d-7ea5-49a5-8e3b-19c56ae50d65", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "48230d15-2358-4661-a65c-1d3d9070952d", "description": "Add control implementation description here for item ia-4_smt.c" } ] }, { "statement-id": "ia-4_smt.d", - "uuid": "0ecd3ea3-0a99-4eed-b68f-b9462e4a115a", + "uuid": "5f599361-77dc-4aed-81e1-4f22455d9869", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ef04557d-6d3c-4fc9-b90b-b5e7246da004", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d42058c2-3abe-4501-8723-905c516bdec1", "description": "Add control implementation description here for item ia-4_smt.d" } ] @@ -2199,104 +2199,104 @@ ] }, { - "uuid": "6a16fadc-1a50-4313-a9a2-631c1bc005e3", + "uuid": "cf0185a5-bd8a-4dec-a3f3-93ebcea2a944", "control-id": "ia-5", "statements": [ { "statement-id": "ia-5_smt.a", - "uuid": "78665434-1523-457e-b9cb-442cea9127ce", + "uuid": "d3af44bf-caea-4cc2-a393-7a6e94abf997", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b1b8d440-9ea3-463f-a688-987fa69696a7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "71a86f21-9972-4e53-8993-2cebd87f83df", "description": "Add control implementation description here for item ia-5_smt.a" } ] }, { "statement-id": "ia-5_smt.b", - "uuid": "8e3a6f01-daad-4d8c-b94d-8ed0fc8499c2", + "uuid": "013b29ea-e6b9-4f4c-b8c8-b25f8e3997f4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e496aba2-6669-4a0f-96a0-21076afb6902", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "33b128f7-0192-4da1-96ab-949b18c68748", "description": "Add control implementation description here for item ia-5_smt.b" } ] }, { "statement-id": "ia-5_smt.c", - "uuid": "72f40639-e7bf-4f21-aa6e-b8cf9dc3c263", + "uuid": "4a0cbcd8-29f8-4f89-bba0-3d908112d24d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f1cb3781-ddae-4424-b854-5db80e67f5aa", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a0d78a0e-d438-4e56-aeff-e2e9a8f18d43", "description": "Add control implementation description here for item ia-5_smt.c" } ] }, { "statement-id": "ia-5_smt.d", - "uuid": "c5ab0377-e3c6-49f0-9fff-3f14d2623212", + "uuid": "738afe37-807a-4870-be4f-4440da9f430d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "de792aa8-5048-4f6c-88b0-8a5a559794a1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "06d5d67e-9056-47fd-9210-0272008579a3", "description": "Add control implementation description here for item ia-5_smt.d" } ] }, { "statement-id": "ia-5_smt.e", - "uuid": "7a1f7c19-531b-44a2-83fa-07cef35dd01a", + "uuid": "88d9fe7b-2085-4539-8df1-65bfbd1cf4a3", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b4cd4e29-7871-42df-bd1c-cdb00c6f57e8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d02e6620-40d0-4c6f-9eec-1306fb0259a5", "description": "Add control implementation description here for item ia-5_smt.e" } ] }, { "statement-id": "ia-5_smt.f", - "uuid": "3ffb56ae-14e3-4fb6-8dac-b582b03afef0", + "uuid": "d3632e52-53c3-4cfe-81e4-178456154b19", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "718eab31-ba32-4073-95d1-18c583146e50", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d6c16b87-60a0-4453-a00c-222fe12cc50e", "description": "Add control implementation description here for item ia-5_smt.f" } ] }, { "statement-id": "ia-5_smt.g", - "uuid": "0195a85a-f788-4171-8f6c-8e64e664b374", + "uuid": "c217d667-02e1-43c0-af2b-d3817190bcbb", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5315e4f0-31bb-47bc-95b8-86aac32e0f85", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8dec9185-0246-4bd4-991c-3bdefe0ec23e", "description": "Add control implementation description here for item ia-5_smt.g" } ] }, { "statement-id": "ia-5_smt.h", - "uuid": "5a932bdb-a92c-4f31-aba8-b36a55dd9c50", + "uuid": "915f07a0-5077-4efa-94cf-cb664e4d36a1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "74096185-a7ee-4e8a-a3d8-2c9657000786", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9cf03939-a5b3-4521-974f-38dae9c2e5b8", "description": "Add control implementation description here for item ia-5_smt.h" } ] }, { "statement-id": "ia-5_smt.i", - "uuid": "8e892f51-a405-4217-88ca-d3e16c1de13f", + "uuid": "43528bc4-bd63-4fa2-aadf-c98faba0b18a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "efee2133-84ac-46b5-974b-b3044898ff82", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6ca752be-c742-4827-8972-bbde524b41c5", "description": "Add control implementation description here for item ia-5_smt.i" } ] @@ -2304,93 +2304,93 @@ ] }, { - "uuid": "f8ece737-c622-41e3-b21b-186d9267ab98", + "uuid": "3bf4730d-17c5-449b-ad7d-48c820e73b26", "control-id": "ia-5.1", "statements": [ { "statement-id": "ia-5.1_smt.a", - "uuid": "ff327d3c-a623-4c7d-ad3a-b69077be844b", + "uuid": "a15f1af3-f8b9-417d-9c2b-22b4543cc390", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "10ffa256-8a40-48f3-bf9e-9103280ff040", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "2a3995f6-baf2-4487-a49c-63c60e0f7302", "description": "Add control implementation description here for item ia-5.1_smt.a" } ] }, { "statement-id": "ia-5.1_smt.b", - "uuid": "e423ea26-f23f-4e34-9987-ce08c52dc7cb", + "uuid": "e842809b-ae3d-4ca3-a50d-b5df4af5a327", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c212aa41-3254-4b6e-842f-0e969a6ca99d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7a0c971d-21c8-4a3b-82ca-b196ddc187f0", "description": "Add control implementation description here for item ia-5.1_smt.b" } ] }, { "statement-id": "ia-5.1_smt.c", - "uuid": "bc2ad926-d458-4ff5-a6b1-f93ec6e01795", + "uuid": "b7886bba-a9f8-47e7-9ce6-510963b1ecd1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f287fb22-9a8d-4015-817f-6457f0b0f71e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "62e615a7-03bd-47bc-aa69-54a0c81fd1cd", "description": "Add control implementation description here for item ia-5.1_smt.c" } ] }, { "statement-id": "ia-5.1_smt.d", - "uuid": "78c0cf89-ff9f-42b0-b6f1-e7f41cb601a3", + "uuid": "43bdeeee-a8fd-46ee-b329-9c3642f2a68c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1d41c4e4-e51c-4344-8d73-6d95895360e1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "21396041-8887-4872-9c3b-a77b8be90761", "description": "Add control implementation description here for item ia-5.1_smt.d" } ] }, { "statement-id": "ia-5.1_smt.e", - "uuid": "787f4055-ed14-4525-965e-2c8f8b1c2e2c", + "uuid": "c772d9e3-3d64-4f0f-a31a-4e00ef5a6767", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7f47a874-f950-4b64-be32-03a03527de01", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "72be90de-e847-4a87-87ad-b5767399152c", "description": "Add control implementation description here for item ia-5.1_smt.e" } ] }, { "statement-id": "ia-5.1_smt.f", - "uuid": "bb185529-57f4-45a7-be60-0b2d0ee6cbc5", + "uuid": "4cfaa0f1-5725-4b01-be7f-f173e62269a5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "597ba514-829e-492c-8b81-0362aa457094", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "428176ce-2ae8-41e1-9e4f-acca06d5d627", "description": "Add control implementation description here for item ia-5.1_smt.f" } ] }, { "statement-id": "ia-5.1_smt.g", - "uuid": "a761c690-3698-4a0b-a654-5cd06020905d", + "uuid": "f136b0f5-2097-4c9f-befc-b57c181e277e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "218188ea-e358-4872-9f5f-89d3089159b0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d0ea4528-3e3f-4d4b-bb34-ecb157c387bb", "description": "Add control implementation description here for item ia-5.1_smt.g" } ] }, { "statement-id": "ia-5.1_smt.h", - "uuid": "9163c6af-ad66-460e-8142-451098257738", + "uuid": "5d1d846c-aa99-441b-890d-3acfee49892e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f7956e22-b7b8-4791-ae09-307bd6360bad", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "973a39d7-90d0-45fa-bddd-37568f0baa74", "description": "Add control implementation description here for item ia-5.1_smt.h" } ] @@ -2398,16 +2398,16 @@ ] }, { - "uuid": "93939378-7fc9-41c1-9cfe-695fac7ae9f0", + "uuid": "4981f1b1-5931-4776-b920-b61aca8d1b72", "control-id": "ia-6", "statements": [ { "statement-id": "ia-6_smt", - "uuid": "4ee33ed0-79a0-474a-aded-2cfa8515b731", + "uuid": "41ebd5eb-f76a-4a2b-ba0a-ac0834ebac86", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "06febf2d-048d-4d1b-8cd7-1ec69579707c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f287d102-6fb5-4a29-bd09-bc4fcc367085", "description": "Add control implementation description here for control ia-6" } ] @@ -2415,16 +2415,16 @@ ] }, { - "uuid": "4c775db3-3143-458e-9600-974595d833fb", + "uuid": "83f53e9b-289b-4109-8326-ec9844cceb42", "control-id": "ia-7", "statements": [ { "statement-id": "ia-7_smt", - "uuid": "474320fb-40cf-4b5e-ab06-1a9f91529fb7", + "uuid": "84a88207-a8a9-4133-83cc-bf5067ddd74d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "874e28f8-c2ba-4b43-a0db-2b5c119e238c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a445c61b-ec02-42a2-8c5d-2310ba9f8d04", "description": "Add control implementation description here for control ia-7" } ] @@ -2432,16 +2432,16 @@ ] }, { - "uuid": "46cdeade-3b86-4f49-9f33-b1c51e74419f", + "uuid": "5991e86a-79c6-4146-9f7b-247d625a4d60", "control-id": "ia-8", "statements": [ { "statement-id": "ia-8_smt", - "uuid": "ec6a8bca-5ae3-48dc-9349-fcb81dbe7fbc", + "uuid": "295a7000-e406-46bd-9491-44e17cb7b148", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a5deb36f-d162-4b32-997f-db82d3ce04c1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "988fc621-7968-40e6-80f6-e9d69fc84cfa", "description": "Add control implementation description here for control ia-8" } ] @@ -2449,16 +2449,16 @@ ] }, { - "uuid": "af30a978-5ac1-4c7d-91fb-7780759bdd0f", + "uuid": "bcc69dfb-a4e4-416e-85c4-95e1e9d6f8f2", "control-id": "ia-8.1", "statements": [ { "statement-id": "ia-8.1_smt", - "uuid": "bf3b8690-8e78-452c-9b42-fe6dd06e9819", + "uuid": "d4872a51-21dd-4386-9c42-2b0ddc97b7cb", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "285e18f5-7ca6-4581-97b8-2d9f6fd8a53b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "48becb66-7de7-455b-91f6-b5db1f24fcd1", "description": "Add control implementation description here for control ia-8.1" } ] @@ -2466,27 +2466,27 @@ ] }, { - "uuid": "ac0e445f-b71c-4d06-945f-cd7aa273c5d5", + "uuid": "2e7d87f3-c505-40a3-9777-78b88053ad23", "control-id": "ia-8.2", "statements": [ { "statement-id": "ia-8.2_smt.a", - "uuid": "a81603e7-5cf1-4be3-942b-c28c6d0783c1", + "uuid": "bb832064-68ee-4567-a1cf-ba0e9a7c1027", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6abb929c-fd08-435c-8b4b-4d80f244e49d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "62cc2906-ac9d-4630-b68d-d3511a4c86cf", "description": "Add control implementation description here for item ia-8.2_smt.a" } ] }, { "statement-id": "ia-8.2_smt.b", - "uuid": "b5dfcdc9-c4ce-4d6c-a144-c3d8d3c4556d", + "uuid": "fab6312b-5ac8-449b-b5c4-d5634cf7ea41", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "24af7ef3-fdd9-4afb-bb0d-16723f386d23", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "58edb3c5-ea30-4a39-b385-66ef357bf2ed", "description": "Add control implementation description here for item ia-8.2_smt.b" } ] @@ -2494,16 +2494,16 @@ ] }, { - "uuid": "b1632e10-d176-4e0b-a788-184e6eb993b4", + "uuid": "c70e6bb4-52e1-4669-a267-818e405d2b35", "control-id": "ia-8.4", "statements": [ { "statement-id": "ia-8.4_smt", - "uuid": "c355587e-779a-43ad-bedc-296b84ee12a0", + "uuid": "e51ab4b8-1f2a-46f4-b08e-fcd62de0aa52", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "03cb1910-6bb6-47e7-a1e0-67d4ecb14e15", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1eef9401-a8be-4d3d-9cee-ae08a35ffd3d", "description": "Add control implementation description here for control ia-8.4" } ] @@ -2511,16 +2511,16 @@ ] }, { - "uuid": "53e8f366-073c-447e-b6ba-5f19583394f0", + "uuid": "f896d336-bd02-46d7-adaa-d864cf785320", "control-id": "ia-11", "statements": [ { "statement-id": "ia-11_smt", - "uuid": "754d9a36-2249-4eb2-86d9-9844b9e955b3", + "uuid": "7f2aca5b-7256-4efd-b8b6-a080dade67f4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0be90447-c961-4883-92b5-568383916dc7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1cff7b3d-e323-47bd-a47c-4ad5bdbeae2d", "description": "Add control implementation description here for control ia-11" } ] @@ -2528,38 +2528,38 @@ ] }, { - "uuid": "823b7dc3-5607-49e4-9dd8-b4c7442325cc", + "uuid": "dec8a7c9-74a0-46ae-b35d-6fdf9e3ad3bd", "control-id": "ir-1", "statements": [ { "statement-id": "ir-1_smt.a", - "uuid": "9c637f8b-b6a6-4c60-99b7-e8c7e693cf07", + "uuid": "79f6edc5-b13f-46a3-8fa8-8afba6e34db4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c4e1c75e-e42a-4a12-adaa-fe33d18defcf", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8fa73773-3b1f-4875-9b01-080c5d572610", "description": "Add control implementation description here for item ir-1_smt.a" } ] }, { "statement-id": "ir-1_smt.b", - "uuid": "43c6f20e-e77a-4bb2-9375-65d9901b7c78", + "uuid": "7c2c54d6-4d29-472d-a9db-8e5260744def", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e6500116-8c2f-4f7c-9824-2bd1e0a68fb5", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "81792961-33ac-405f-b294-7ca3f32efc5e", "description": "Add control implementation description here for item ir-1_smt.b" } ] }, { "statement-id": "ir-1_smt.c", - "uuid": "98eb9f80-f915-4c9b-9fb1-2f7c5ee89ebf", + "uuid": "dcbfcdfa-2613-409f-a148-d1effbfadfa6", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8cbb5dd8-c111-48c6-b351-ffff834a383c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a4987766-fd18-402c-b96d-ed41ffa66308", "description": "Add control implementation description here for item ir-1_smt.c" } ] @@ -2567,27 +2567,27 @@ ] }, { - "uuid": "e6e8538d-f204-4e9c-83dc-dd76bd71eced", + "uuid": "3470aa9d-b780-4190-8565-363674fb9359", "control-id": "ir-2", "statements": [ { "statement-id": "ir-2_smt.a", - "uuid": "8c4f9ded-c66d-4d21-8c89-d27f0ef1d93a", + "uuid": "1c74320d-8e50-4824-ab8f-f8087a8c9f30", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ecc3a857-13a1-4848-8cb2-4bfb1066993c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4ad75ece-416f-4a17-a84c-efef6dbcfa3e", "description": "Add control implementation description here for item ir-2_smt.a" } ] }, { "statement-id": "ir-2_smt.b", - "uuid": "99fc773a-df22-4d7e-8471-c103ed192348", + "uuid": "c00b7a27-598f-4302-b572-cc1b11d21829", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4571e028-d16a-45cd-b85c-f4782d617af4", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "afe12837-6f19-4660-86c9-95322a9c949a", "description": "Add control implementation description here for item ir-2_smt.b" } ] @@ -2595,49 +2595,49 @@ ] }, { - "uuid": "3ba9ded4-ef1a-4b01-bc29-eeba58755813", + "uuid": "74eddcd1-b848-48c6-b53d-25ff142d8356", "control-id": "ir-4", "statements": [ { "statement-id": "ir-4_smt.a", - "uuid": "4fea2336-9e84-4129-a573-6d478f88889b", + "uuid": "9394932f-ce9d-4600-b5f0-bf2c04fab73c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ef0e8da1-565d-4f88-be68-17335c834809", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0d9484a5-2c11-48ae-8cf9-df62a29f2e31", "description": "Add control implementation description here for item ir-4_smt.a" } ] }, { "statement-id": "ir-4_smt.b", - "uuid": "1952582d-0df2-4e46-a53a-57ed58ac816b", + "uuid": "27da670d-d19b-401b-a36d-7a26e6683a91", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c9acbc85-23eb-4344-92fd-35291a8fc906", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9eb01cac-774f-43af-92fa-dbd74b83d801", "description": "Add control implementation description here for item ir-4_smt.b" } ] }, { "statement-id": "ir-4_smt.c", - "uuid": "bb4f6dce-f43f-48f0-8899-2cc9660decd6", + "uuid": "a18be6a3-d7ae-4870-b57b-fa3f0734181e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "fe328a23-8f7d-4d19-a429-d08ae4eb2e99", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6744e4d5-302c-4b72-9dec-9d6cd150af4b", "description": "Add control implementation description here for item ir-4_smt.c" } ] }, { "statement-id": "ir-4_smt.d", - "uuid": "294e7683-7a87-4fa2-bf28-ed97a628c044", + "uuid": "5aa041a9-836f-4d96-b1ee-b21e5ba067df", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6752fbc7-4ee6-4b1c-bcf9-ee5cf3bd121d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "abc09dc5-8503-401f-adce-910b90fecb14", "description": "Add control implementation description here for item ir-4_smt.d" } ] @@ -2645,16 +2645,16 @@ ] }, { - "uuid": "8771261f-5c4f-4eec-9d66-d6a0ac347e66", + "uuid": "d7d54180-26de-40bb-8f30-1d8d8aa7be25", "control-id": "ir-5", "statements": [ { "statement-id": "ir-5_smt", - "uuid": "b14b4d0c-f515-43bb-9467-b7f580502acd", + "uuid": "ef2aa1a2-98b7-4548-a43b-9ac5bb4bd4c5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "77943a25-37d7-45fd-b85a-49a63bbee3ad", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d773e743-7901-49a3-8869-b4f4ad388938", "description": "Add control implementation description here for control ir-5" } ] @@ -2662,27 +2662,27 @@ ] }, { - "uuid": "26bf53af-888d-479c-937a-6af05ad31b79", + "uuid": "3dd315e2-2233-4d97-a31a-f5b6b2148570", "control-id": "ir-6", "statements": [ { "statement-id": "ir-6_smt.a", - "uuid": "9d680327-d57a-4339-bc0c-439f0caf50fa", + "uuid": "d533b025-d69f-4b75-9edb-cf7100b01b23", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8d11c7fa-8dda-4a85-bce0-ea794abd1e2e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1cb1228e-a7fa-4232-8c21-8279e721988f", "description": "Add control implementation description here for item ir-6_smt.a" } ] }, { "statement-id": "ir-6_smt.b", - "uuid": "d056783f-30b1-4039-afe1-0fa8f3d35dad", + "uuid": "aea30e53-3740-4130-8d32-6cbc8737c6e0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8b7d220d-c3a4-4c4e-92da-877f2c2ecb05", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "fcb34ced-39c6-4323-87df-5c3badbc81fa", "description": "Add control implementation description here for item ir-6_smt.b" } ] @@ -2690,16 +2690,16 @@ ] }, { - "uuid": "83220c2f-0cb7-4bb7-8cee-1be42beba3f9", + "uuid": "4a9a768e-a796-482f-b20f-99b45e03d3ca", "control-id": "ir-7", "statements": [ { "statement-id": "ir-7_smt", - "uuid": "d14941bb-835c-464b-9a62-6413231cc855", + "uuid": "6ea38982-5515-4de9-9e11-6511b9d53afe", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "273a670d-53d8-44e3-8218-521826c85c3d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "82139759-fe12-43ba-984f-c90bef476040", "description": "Add control implementation description here for control ir-7" } ] @@ -2707,60 +2707,60 @@ ] }, { - "uuid": "d3cec4c5-7ee5-4d26-8595-28b3acf28827", + "uuid": "9184f913-9362-460b-9a3b-ba2819d81451", "control-id": "ir-8", "statements": [ { "statement-id": "ir-8_smt.a", - "uuid": "6b17d634-b9f7-44b8-a009-3e6a0bd87882", + "uuid": "fa62fa27-0315-453f-b3b9-de1bbb421636", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "dbbfc5ba-f0d6-4aa2-bcfc-4561343c8de0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8b8bf2ae-730b-42ac-944c-6d00943452b6", "description": "Add control implementation description here for item ir-8_smt.a" } ] }, { "statement-id": "ir-8_smt.b", - "uuid": "7bffba9e-ac03-4360-b77b-e6cda059ae9b", + "uuid": "10019eda-c31b-47f6-bba4-50a3fb173b71", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0420d8df-a116-4a79-9a3f-2deeb85e8ab6", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1a81a87a-28a0-49aa-a16f-55b04b3d68e5", "description": "Add control implementation description here for item ir-8_smt.b" } ] }, { "statement-id": "ir-8_smt.c", - "uuid": "cb77d7af-3ea5-4ba4-a235-4cf9009f0a5d", + "uuid": "0d7e4520-7e7e-4003-bfa5-d78d8c8de609", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "22d6e827-ff14-4db4-8356-9a9910135370", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "dde627f0-5842-4f08-810a-a1768567d3d7", "description": "Add control implementation description here for item ir-8_smt.c" } ] }, { "statement-id": "ir-8_smt.d", - "uuid": "79fe4b8b-79b0-4f6e-87b6-f16c5f9af32d", + "uuid": "def61583-493a-43ab-b0c2-959668248232", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ffc94724-0ce2-4bf0-8caa-218320a974ef", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "593b029c-f63b-4cf6-8431-7898821d8bc7", "description": "Add control implementation description here for item ir-8_smt.d" } ] }, { "statement-id": "ir-8_smt.e", - "uuid": "c3c20020-e3ef-4b9c-b74d-82e4932f47ba", + "uuid": "970ef9ad-1b2b-4cae-bbb0-29e51db13da4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0715c4c0-f461-4768-97dd-04da288cc429", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4c38ba0c-e653-4e53-a71d-3b130f356416", "description": "Add control implementation description here for item ir-8_smt.e" } ] @@ -2768,38 +2768,38 @@ ] }, { - "uuid": "bd1c6189-e15d-41b5-a5c3-a13771bcd223", + "uuid": "b79c6b71-8275-432c-b81b-5e628f7b6c4e", "control-id": "ma-1", "statements": [ { "statement-id": "ma-1_smt.a", - "uuid": "953ebd69-174b-46f7-b660-42f2f570564f", + "uuid": "117ebc00-7e8f-4d06-bbd4-9ca2ff6af5c4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c33646ac-0d48-4e1e-91b8-1a56a6567e87", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b8f49815-d191-4be8-a8da-fe3ab20f0afd", "description": "Add control implementation description here for item ma-1_smt.a" } ] }, { "statement-id": "ma-1_smt.b", - "uuid": "ad96ca0d-4782-4554-af09-018d5f8b17c7", + "uuid": "7a14ed63-8fe9-4e76-be9b-20074f034af7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0e3f9236-6644-429e-8960-3abffbe25b84", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1afe6099-7b88-446f-93bd-9efcd03b93d3", "description": "Add control implementation description here for item ma-1_smt.b" } ] }, { "statement-id": "ma-1_smt.c", - "uuid": "ac8ef617-49a8-47a6-b0ac-962de6ff6d56", + "uuid": "2195acce-3a1e-4877-8437-2a83c5033325", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1cf29e48-72c2-4952-b458-6718a6705c2c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "025f3390-6f01-4844-8539-63b6b3579095", "description": "Add control implementation description here for item ma-1_smt.c" } ] @@ -2807,71 +2807,71 @@ ] }, { - "uuid": "1e9ba260-356d-4714-b858-6b1e39a0ea39", + "uuid": "2c7f3fb6-4ec6-46c9-bb07-2f515a8578f3", "control-id": "ma-2", "statements": [ { "statement-id": "ma-2_smt.a", - "uuid": "d677e3dd-9d21-4d69-8f9e-9df3f203597b", + "uuid": "0ecbeeec-2d3e-4659-a1e3-3aa549bb83cd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a9e019f6-0962-4dbf-8912-547b4de85cf2", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1fe809ab-854d-4c22-ae57-35be9cb6c800", "description": "Add control implementation description here for item ma-2_smt.a" } ] }, { "statement-id": "ma-2_smt.b", - "uuid": "7ae1bf80-c80f-4fc7-9775-4d68b3128463", + "uuid": "9b76b7ef-a64f-49e4-b484-f5c70db3b6fa", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "44aa623e-5c4d-4a29-b686-3f57a7fbd6e9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9a18569d-b874-4dbe-94a9-7b566b52b94d", "description": "Add control implementation description here for item ma-2_smt.b" } ] }, { "statement-id": "ma-2_smt.c", - "uuid": "fe6ed9a6-5b39-4065-90e0-3eea28c708e3", + "uuid": "86061d8e-f339-4394-adb1-33b3383675dd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "58f1873b-6c6d-4261-b408-97572bb6cd2b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "dae6af81-afb1-4a63-9e86-3fea945beb13", "description": "Add control implementation description here for item ma-2_smt.c" } ] }, { "statement-id": "ma-2_smt.d", - "uuid": "98778446-7b31-4b6e-940e-762cc22fe232", + "uuid": "ba17520b-1bfe-4b0f-981d-00edc0c9cef4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d1246f36-b360-4745-a194-58a48e80f0b3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e6cc0b27-b84f-461d-b5e5-ca56359f978e", "description": "Add control implementation description here for item ma-2_smt.d" } ] }, { "statement-id": "ma-2_smt.e", - "uuid": "0fdfac57-c989-4007-9849-a8a90f8c7676", + "uuid": "1d0eff91-9e08-4530-9a78-6873ae75003b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b53ccfe4-e5ec-40ad-b8d3-42fa9c422399", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7abf8726-db9a-457d-b892-53f2259c78d3", "description": "Add control implementation description here for item ma-2_smt.e" } ] }, { "statement-id": "ma-2_smt.f", - "uuid": "e5636c54-4def-45e6-9bb1-e421a87911ea", + "uuid": "c718673a-3f41-4e21-bed4-67874938e5a6", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6f5c5241-cf58-45a4-8f02-ea956eec1f1b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c5409594-87fc-48d7-84ea-3c01d88196ef", "description": "Add control implementation description here for item ma-2_smt.f" } ] @@ -2879,60 +2879,60 @@ ] }, { - "uuid": "edbe27c3-6706-4f9c-a968-a8770f5a3b5b", + "uuid": "2ec7c60c-cb46-4f16-9572-900b2c49f989", "control-id": "ma-4", "statements": [ { "statement-id": "ma-4_smt.a", - "uuid": "d17affbb-c871-4603-a238-4b7aaad8447b", + "uuid": "64f609f7-2ff9-4695-ac78-07fc8f4da2d2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1bf1eaa8-afba-41a3-a7c5-9c97a63e2751", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0fa5c739-66b7-476c-b158-31d527505e61", "description": "Add control implementation description here for item ma-4_smt.a" } ] }, { "statement-id": "ma-4_smt.b", - "uuid": "8a97ebf2-2a7c-46b0-8a13-90cb8e507019", + "uuid": "8633e9f6-747c-4fe2-99fd-c007f2f8b816", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cfcb33f6-b054-4051-8fea-ebd4529d4785", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6f537a04-7c4d-4c7b-9132-28d8048a4400", "description": "Add control implementation description here for item ma-4_smt.b" } ] }, { "statement-id": "ma-4_smt.c", - "uuid": "d88425e8-e718-4220-b453-449f246d288a", + "uuid": "337fc4c4-30f3-442c-b759-554c85e1083c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ea86873d-2ae5-4deb-995d-a9363d02f3c4", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f8572dcb-f8ca-47ff-a209-74e04856e995", "description": "Add control implementation description here for item ma-4_smt.c" } ] }, { "statement-id": "ma-4_smt.d", - "uuid": "0b8132c5-d08c-4af5-b83e-1733fdb93382", + "uuid": "d3d4556c-05b8-42c5-8f83-b105fa38b10e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "29395e9c-e0d2-45a4-aa92-cae69bfb2fff", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "479aa1fc-7848-4f80-a490-82ed0c266188", "description": "Add control implementation description here for item ma-4_smt.d" } ] }, { "statement-id": "ma-4_smt.e", - "uuid": "2c9bfc7d-1aee-479f-95b6-774a8dfb847e", + "uuid": "6c91c5ec-e003-41f8-9489-d11b15e587d4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "75ac40b5-542f-4496-995e-30ab9a5e8c94", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "61362036-bd91-4e0e-a13f-386914199f74", "description": "Add control implementation description here for item ma-4_smt.e" } ] @@ -2940,38 +2940,38 @@ ] }, { - "uuid": "47798d85-9016-41d8-9de0-f388e25d5820", + "uuid": "583ed5ad-3210-4690-97f8-b638a41dd5c0", "control-id": "ma-5", "statements": [ { "statement-id": "ma-5_smt.a", - "uuid": "0b50950a-dffd-4180-872a-959324a5a94b", + "uuid": "bde27620-d700-4a34-9a35-a89ba1919398", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "eecf010a-29e2-4e22-b33b-b12ec080f2af", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b07c93b6-8154-46c6-91b4-25bd958409e9", "description": "Add control implementation description here for item ma-5_smt.a" } ] }, { "statement-id": "ma-5_smt.b", - "uuid": "693c5ee9-dd3f-4fce-8a44-7350d0fe1012", + "uuid": "0ea0e181-548c-4843-be0b-24627f36a56d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "73e3f4e2-5eb8-4cb9-8690-2db2f4435564", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "2eada05d-09be-4f02-8862-643180d7df20", "description": "Add control implementation description here for item ma-5_smt.b" } ] }, { "statement-id": "ma-5_smt.c", - "uuid": "1480ecb0-7091-443f-991d-16c8c0388a32", + "uuid": "6ed68c5e-d7a0-4e27-aded-5d45d0b33ff9", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "aa1ab2b6-f043-46b7-b89d-82787f53af15", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "698202b5-b96b-4373-b636-e79d4db34662", "description": "Add control implementation description here for item ma-5_smt.c" } ] @@ -2979,38 +2979,38 @@ ] }, { - "uuid": "d0c2d26c-2016-45cb-b75d-c33976e93d38", + "uuid": "6fc0dd5a-55fc-4f1b-9eda-b35b131bb592", "control-id": "mp-1", "statements": [ { "statement-id": "mp-1_smt.a", - "uuid": "b962c64d-97f4-4390-a0c2-ae61cb76df01", + "uuid": "0e14c0bc-4755-4b80-af78-adc47d648d43", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "403377bb-1e23-414c-90fc-78783af4b01c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5bc66097-b889-497f-a920-0dadb0221f93", "description": "Add control implementation description here for item mp-1_smt.a" } ] }, { "statement-id": "mp-1_smt.b", - "uuid": "cd007371-e400-4da0-98ca-caeb7bc4ec1f", + "uuid": "7ddd8334-a60e-4221-8a93-55f3bc86c341", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4f3dff23-0754-4413-bab6-6aaa6f1f3477", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d93d89b0-4945-44c8-bd5f-8d101c63ba50", "description": "Add control implementation description here for item mp-1_smt.b" } ] }, { "statement-id": "mp-1_smt.c", - "uuid": "5bc8732e-32fb-4319-8250-7e8faaa1c29c", + "uuid": "c2ece431-d0a5-4222-962d-d968604a120b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c0ef169c-980b-43da-91a7-b96d2cf1c194", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "2eadf143-08ff-4d25-83cf-bcfdbc54b0d3", "description": "Add control implementation description here for item mp-1_smt.c" } ] @@ -3018,16 +3018,16 @@ ] }, { - "uuid": "a3372d49-4397-4c4c-a45a-1d264106a5f8", + "uuid": "a84a847d-157b-421e-8a12-28b1ebf9e010", "control-id": "mp-2", "statements": [ { "statement-id": "mp-2_smt", - "uuid": "d5a55e60-182f-4e8d-a92d-fc18b24b0655", + "uuid": "d36b2af7-9867-414d-ae6f-57322d16402b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "31612822-5132-413a-8c75-68520c908fea", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c41f1dc1-141a-435c-b91a-44cc741b3da0", "description": "Add control implementation description here for control mp-2" } ] @@ -3035,27 +3035,27 @@ ] }, { - "uuid": "f40a204d-e69b-478b-ba3a-ada6734b2870", + "uuid": "790c9dab-0cb6-4044-a0f3-c894bc9b848e", "control-id": "mp-6", "statements": [ { "statement-id": "mp-6_smt.a", - "uuid": "40240f00-ca65-4f15-98d8-10e045014ba8", + "uuid": "7aa9281a-4aaa-4198-838e-2f7a3ab6fff3", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "67163f36-7db6-4ab6-b317-ff82837bc83e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "968027b7-939d-4dd3-9b40-3a7aa4845a5a", "description": "Add control implementation description here for item mp-6_smt.a" } ] }, { "statement-id": "mp-6_smt.b", - "uuid": "89358f0b-dcaf-4808-b229-ae2ea75ce259", + "uuid": "c6027113-c86c-4a40-86a7-bcf01b353ec1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ff05eaeb-84d2-4aa5-bb74-8f2c685f3d2a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1655d6d4-15cb-45a3-8a24-de96b6bbecfc", "description": "Add control implementation description here for item mp-6_smt.b" } ] @@ -3063,27 +3063,27 @@ ] }, { - "uuid": "682c8e07-efc0-4cf1-8745-0e2d39fc9d8a", + "uuid": "bdc01b36-d74b-4e37-9f53-ce3de26ff253", "control-id": "mp-7", "statements": [ { "statement-id": "mp-7_smt.a", - "uuid": "50fefb2c-e043-4962-8ad5-98f480078666", + "uuid": "1c235771-1bc5-4db2-92dc-ecf14a52f9ca", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "57c7ab8b-e472-44a3-8205-a20d2778c580", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b855953b-ed28-440f-a6cf-905e60028f31", "description": "Add control implementation description here for item mp-7_smt.a" } ] }, { "statement-id": "mp-7_smt.b", - "uuid": "3033fdda-8afd-43eb-97fe-881a45c10730", + "uuid": "4a3edac5-ccb6-4f8f-a636-fd3ceacf5808", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f8f45e65-09a5-4e34-ab00-e81d775508ac", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "03da7a06-922f-4345-be8e-b701ec9719d6", "description": "Add control implementation description here for item mp-7_smt.b" } ] @@ -3091,38 +3091,38 @@ ] }, { - "uuid": "e84272c6-be03-4d18-95e6-8d1db8a65fca", + "uuid": "1d16f277-b831-49ed-945d-399fda5fac3e", "control-id": "pe-1", "statements": [ { "statement-id": "pe-1_smt.a", - "uuid": "3ff059c1-4cad-4556-af38-2762ef2f726a", + "uuid": "bd804b69-2eca-41e6-86e7-83045166ea32", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "af45f881-ede4-463f-8cc1-6b8813a36217", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b40cfe56-3b28-453c-be9b-82168e51a6dc", "description": "Add control implementation description here for item pe-1_smt.a" } ] }, { "statement-id": "pe-1_smt.b", - "uuid": "57a89512-02ed-4179-8f6c-049fd7b17576", + "uuid": "5c3d2f74-bfc1-470f-897d-23fcd1ce2c86", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "78fc9790-3f69-4606-b62d-9b6497e63598", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "49a32e3f-680d-443b-9268-842e1a78a40e", "description": "Add control implementation description here for item pe-1_smt.b" } ] }, { "statement-id": "pe-1_smt.c", - "uuid": "1e0f5c11-63c3-498e-92fb-8a71e5f62899", + "uuid": "a0bb1125-718d-4430-8572-ccc2157fb0c0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b72a8c25-f32b-412d-b9c1-9419a253099f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6ed9af99-c8eb-4cb0-aa6c-ade1d9a4f9e7", "description": "Add control implementation description here for item pe-1_smt.c" } ] @@ -3130,49 +3130,49 @@ ] }, { - "uuid": "102ad31d-3b39-48a0-b746-20c3ce3d7cdb", + "uuid": "d8557c71-51ff-492d-93e0-98733966a44e", "control-id": "pe-2", "statements": [ { "statement-id": "pe-2_smt.a", - "uuid": "125e4d75-1539-4ce0-ae68-5ca322fb65fd", + "uuid": "0b8ebf18-936a-4e17-b60b-aaba6f4b55c2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4ee5fee9-5d31-4601-8128-d166980d04d3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5210c90e-e421-4b88-b07d-0a68a27c601a", "description": "Add control implementation description here for item pe-2_smt.a" } ] }, { "statement-id": "pe-2_smt.b", - "uuid": "b032571f-ae39-4144-8dd9-f65ec75aff86", + "uuid": "dca9d481-b526-4890-8b0a-65bc9b18d08a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "400d8bd2-e3fd-4c70-8f60-7fd8dafd9cc3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "371f8613-8632-4d8c-b531-807334d503b5", "description": "Add control implementation description here for item pe-2_smt.b" } ] }, { "statement-id": "pe-2_smt.c", - "uuid": "8ddfbe83-e662-4c50-b511-b5b44aedf9e4", + "uuid": "b4e01ef9-b33d-4dfc-9030-af58d75edab2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "814f8caa-ef4b-4375-b7d8-b0ed61194a8d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "768263de-fd7c-4164-9e65-0234ef200b7d", "description": "Add control implementation description here for item pe-2_smt.c" } ] }, { "statement-id": "pe-2_smt.d", - "uuid": "25a7b683-3a76-4bb2-9c07-ce0563e01599", + "uuid": "26359ca9-fde7-4de2-9f5c-534be1c2fd91", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a7c68a05-7d20-43c3-b344-c54dfa88d93c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "dbb90db3-12af-4b59-963f-bf4af7821ea3", "description": "Add control implementation description here for item pe-2_smt.d" } ] @@ -3180,82 +3180,82 @@ ] }, { - "uuid": "fc228117-3df5-4d56-8865-eeb8f3c4d3d9", + "uuid": "b0b08e25-b45c-44f8-bf8b-b923b419bc09", "control-id": "pe-3", "statements": [ { "statement-id": "pe-3_smt.a", - "uuid": "7764a7cf-d601-4518-8523-d39a3f6a8cda", + "uuid": "0ecfeab1-e9f0-4c24-973f-8930ca2bf5fd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6fad4074-74b7-473e-9305-569edb1598ff", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b5a28c33-f205-410c-a379-2faaa65ddb0b", "description": "Add control implementation description here for item pe-3_smt.a" } ] }, { "statement-id": "pe-3_smt.b", - "uuid": "59d6b808-af6d-41df-b1a0-a8269b7cf846", + "uuid": "5e1cb478-2774-4f38-8873-ee6fc7c282ae", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "358e340f-2a83-49fe-bcbd-c3414541f344", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "02050a26-b9af-4e7f-a755-5dfcf21b8f64", "description": "Add control implementation description here for item pe-3_smt.b" } ] }, { "statement-id": "pe-3_smt.c", - "uuid": "15c126bc-fef1-4785-b2ba-27fd6c80e9fc", + "uuid": "20d83b5f-eef2-4174-8b8f-345e7c40d6e7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "46df167b-41b8-4e5a-8e29-b7a0200026ae", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4256525c-1465-4537-8c1f-7513a1007e34", "description": "Add control implementation description here for item pe-3_smt.c" } ] }, { "statement-id": "pe-3_smt.d", - "uuid": "c186a76d-54ae-4885-8a96-9dd33dbee64c", + "uuid": "bd740fac-b10b-4bbc-9c30-d520f200bad3", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "19aa6698-ff93-4001-9d9b-8c1a956353c0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f01f6651-cf6b-4b0c-a0d0-5b713331e9eb", "description": "Add control implementation description here for item pe-3_smt.d" } ] }, { "statement-id": "pe-3_smt.e", - "uuid": "91f658bb-51ea-4bbc-a54c-fde7e21fdc11", + "uuid": "4efc0122-3304-4e58-92f5-64bbdbcd373b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a8043a07-732a-44a9-8b83-72577fc03536", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a76eedbc-752f-4f04-b3d8-8ff64c93ead6", "description": "Add control implementation description here for item pe-3_smt.e" } ] }, { "statement-id": "pe-3_smt.f", - "uuid": "1d0a0603-3616-4721-9536-daa17de253cd", + "uuid": "06a29fdf-ee9a-4117-b7b3-2281c67105be", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "959f5264-8237-499f-9535-6039a39fbc43", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7920fde0-b034-40c0-97f0-efd72f0ac2e3", "description": "Add control implementation description here for item pe-3_smt.f" } ] }, { "statement-id": "pe-3_smt.g", - "uuid": "235e5eb3-8d99-447d-b278-143fed4ade26", + "uuid": "c8f45b6c-02f2-46e5-aefc-d6af9dc5f61a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "29f6bb94-076e-4a16-91d0-dc13c85d9418", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "2ed1a08e-832a-4518-81fa-87fd88c04658", "description": "Add control implementation description here for item pe-3_smt.g" } ] @@ -3263,38 +3263,38 @@ ] }, { - "uuid": "f02f15d3-b9d7-4700-bc40-cf2d24da2e85", + "uuid": "297b8626-b48c-49b2-8633-910f370ad0fb", "control-id": "pe-6", "statements": [ { "statement-id": "pe-6_smt.a", - "uuid": "03c40a3b-3def-4ff7-a6e4-592ac18cd3ad", + "uuid": "b0cb116c-dc27-4e25-b963-074e2219945d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "524e9ce5-f2bf-4eee-90cf-4b079c9e7357", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f8ebf487-2649-419b-8eb4-4c2790043d06", "description": "Add control implementation description here for item pe-6_smt.a" } ] }, { "statement-id": "pe-6_smt.b", - "uuid": "6b138c19-1824-48ac-9d04-3497544ada5a", + "uuid": "1a798b47-3710-4654-a528-fb767b32622f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "95024e89-428e-4429-b220-50981d1cfeb1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "52f3cc86-6497-4f82-8172-56ba1347e41c", "description": "Add control implementation description here for item pe-6_smt.b" } ] }, { "statement-id": "pe-6_smt.c", - "uuid": "d59c118b-9cf5-497f-8945-108f952c6b12", + "uuid": "e4ef3e39-bdad-482f-89d3-8b21ae8965f9", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f7089a4f-4518-40f0-a000-be62da7136d6", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "861afa8e-5f2c-4427-b2a3-dbca6232f7d4", "description": "Add control implementation description here for item pe-6_smt.c" } ] @@ -3302,38 +3302,38 @@ ] }, { - "uuid": "c709614f-7c8c-4d27-89f6-c619d6c8533a", + "uuid": "96912423-a77c-42ca-9d5c-2d008a681384", "control-id": "pe-8", "statements": [ { "statement-id": "pe-8_smt.a", - "uuid": "5f31185b-57fb-4947-b4c2-c2fbf0e7c21c", + "uuid": "4987c84b-5a96-4a22-a82f-d1e49bea458f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "99c48d73-97cc-47bc-abe8-840a2d44d98a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9cc24a83-ca78-4c36-96c1-ebfce1638684", "description": "Add control implementation description here for item pe-8_smt.a" } ] }, { "statement-id": "pe-8_smt.b", - "uuid": "ca4ca681-9cce-4e2d-b5a5-3f65359d1b74", + "uuid": "bdf1cf23-b55c-45ed-b2ca-3c33ffe9c0d0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "9bc32fad-4398-419a-afa4-4d2b66902cc7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5d90ca45-92ee-4ed4-836a-36d96f06d3dc", "description": "Add control implementation description here for item pe-8_smt.b" } ] }, { "statement-id": "pe-8_smt.c", - "uuid": "ea39ac27-fafd-46ab-b281-297451346dfb", + "uuid": "bcb80d2a-c56f-4a30-bb60-d6c6f9b16fa6", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1123983a-e422-4027-8ff8-ca67a6a8676f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c1d1dd4a-1ad6-4b44-8567-ffcdffea7438", "description": "Add control implementation description here for item pe-8_smt.c" } ] @@ -3341,16 +3341,16 @@ ] }, { - "uuid": "e7b31f9b-fbb9-4166-b633-6695b98cb72a", + "uuid": "751b79ad-fbd4-4669-b82c-94ae9140cc86", "control-id": "pe-12", "statements": [ { "statement-id": "pe-12_smt", - "uuid": "1d601534-380e-4585-847f-3cf2e5a54d7a", + "uuid": "b826a355-e311-41bd-b98a-d53746a2321b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d424fabf-ac2d-4de2-8a45-eced2c016688", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c376cc91-04a0-4293-8010-4b3a8c6db153", "description": "Add control implementation description here for control pe-12" } ] @@ -3358,16 +3358,16 @@ ] }, { - "uuid": "339cc4f4-dafb-499d-a5ca-19ac63835fa0", + "uuid": "34c4d544-c20c-4bdd-9063-658d89cf5c8c", "control-id": "pe-13", "statements": [ { "statement-id": "pe-13_smt", - "uuid": "2236b2d9-9f3c-4206-ad47-4de0277e45a8", + "uuid": "b777a147-9edd-4f54-b89f-8d1c9c6f2319", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "93521645-fccd-4142-8b14-1ad41e29c4b8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6e655cb9-f91f-4e3d-874f-1b5c6061728f", "description": "Add control implementation description here for control pe-13" } ] @@ -3375,27 +3375,27 @@ ] }, { - "uuid": "5072599f-4a4b-438a-a3ae-5e95ff889ea1", + "uuid": "d743e7fe-13f6-4dfa-a46b-ca2d0f16c7fe", "control-id": "pe-14", "statements": [ { "statement-id": "pe-14_smt.a", - "uuid": "7a4270ab-bca1-4584-9956-1ed6d088788f", + "uuid": "9fc4357a-4bde-4b78-b459-0e953cb1995c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "697b0111-4838-4966-9fb9-a9d0a96f8f1e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4f4559a9-f1f5-4903-bcf4-84f359481f3e", "description": "Add control implementation description here for item pe-14_smt.a" } ] }, { "statement-id": "pe-14_smt.b", - "uuid": "c2ad0fef-a8fd-4c2c-9dc0-45d877fbe055", + "uuid": "0a4e4407-e91b-4395-8b68-4666dfc6d081", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7c1ea48c-6227-41f9-8bb3-0acd0f2875e7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d3c27e7b-bd44-49a1-89bb-483d5d6e10a0", "description": "Add control implementation description here for item pe-14_smt.b" } ] @@ -3403,16 +3403,16 @@ ] }, { - "uuid": "afae845a-0b87-419d-ab83-c83fe40d7fa4", + "uuid": "69b5cada-4929-4c1a-b876-364198d3ea97", "control-id": "pe-15", "statements": [ { "statement-id": "pe-15_smt", - "uuid": "28699095-3798-45eb-aa39-9a5f5ff53743", + "uuid": "5367f683-6898-4749-8303-3044a5322b31", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "488d5b77-f0cf-4887-ac44-be94a9c231a7", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b2e89d64-5e3e-41d5-841f-4e6259d119b3", "description": "Add control implementation description here for control pe-15" } ] @@ -3420,27 +3420,27 @@ ] }, { - "uuid": "898879bf-fd6c-452d-a2c7-2db50331086b", + "uuid": "835ca8d7-68c4-45f3-929d-14a08a8cb3ca", "control-id": "pe-16", "statements": [ { "statement-id": "pe-16_smt.a", - "uuid": "8d5c2804-9cf4-4207-86cd-a3a6ea211ec6", + "uuid": "c643ab39-49d0-4fbb-af92-4c0e467284e3", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e5afae44-f390-43fc-a738-166107cbfc61", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3922a795-8cdf-409f-8f4e-aa4fe960750d", "description": "Add control implementation description here for item pe-16_smt.a" } ] }, { "statement-id": "pe-16_smt.b", - "uuid": "04165a54-9e03-413e-8a55-8121a0c4a0c8", + "uuid": "ee91e53b-c567-46e3-b0ae-a6f94686c4ea", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a0904149-7605-4574-9016-a92bc5198096", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "496e9156-bab8-45b5-b91f-288b1730f427", "description": "Add control implementation description here for item pe-16_smt.b" } ] @@ -3448,38 +3448,38 @@ ] }, { - "uuid": "b7218208-0d95-4a2b-90e4-9ad17f75c8b4", + "uuid": "1f37a0e2-abab-4113-9c3a-82581d0c1c60", "control-id": "pl-1", "statements": [ { "statement-id": "pl-1_smt.a", - "uuid": "676d8843-0059-4f76-9973-bb88df4ba4a8", + "uuid": "3fc0496a-8cbe-42af-94fa-b869464f9b4b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0be439b2-3c43-4500-bbc8-51d701926419", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4eef9af6-4397-4856-ab65-9065041e8c03", "description": "Add control implementation description here for item pl-1_smt.a" } ] }, { "statement-id": "pl-1_smt.b", - "uuid": "c8235c75-c986-45a1-a27c-04b05a214076", + "uuid": "31590b49-8792-43fa-ae4e-d7a68cd101ac", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4217f169-2a08-431a-a548-e5ee70f27a30", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "cb292fb6-2d72-42cf-a8d4-0cc37b005e7d", "description": "Add control implementation description here for item pl-1_smt.b" } ] }, { "statement-id": "pl-1_smt.c", - "uuid": "07f68fdf-2395-4692-9d4c-6c26abc293bc", + "uuid": "a786bb85-78ec-49de-8cd0-7fb08e5d5923", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "67ea80fe-7968-4683-a4b0-d4b48c3fa7f6", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "881b94bd-feba-491b-9be8-943228ca04f6", "description": "Add control implementation description here for item pl-1_smt.c" } ] @@ -3487,60 +3487,60 @@ ] }, { - "uuid": "5b3b5ce9-de47-4a1a-87de-d9e33a955922", + "uuid": "4a68f80e-7853-4985-9f01-9e269a85bb5a", "control-id": "pl-2", "statements": [ { "statement-id": "pl-2_smt.a", - "uuid": "0712164a-6b17-4441-920f-85e17b08c21f", + "uuid": "9e58f26e-f8cd-4cf8-aa95-3cb250365369", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "95dbc604-4fd5-47d0-aaef-4fe9e1131a08", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b1cb4d92-1023-426d-86b1-d1eb6df2c573", "description": "Add control implementation description here for item pl-2_smt.a" } ] }, { "statement-id": "pl-2_smt.b", - "uuid": "18074902-793d-4c10-90c8-056ae6db2d0a", + "uuid": "df8adfef-5a26-4c02-abd5-7af8f828dcbc", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "af33f2c5-5e0d-46b3-900e-edc7a5e5af98", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8e3ae927-9b19-4397-915b-9fd4e888cb65", "description": "Add control implementation description here for item pl-2_smt.b" } ] }, { "statement-id": "pl-2_smt.c", - "uuid": "1617d514-1da5-4e89-b625-fce9510aa26e", + "uuid": "7aafe5a1-e942-4ca4-b8c8-9325cfb98098", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "39fce2ee-6345-403a-9117-848517bacfb1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b79f2438-8485-4840-b893-a340677e6e26", "description": "Add control implementation description here for item pl-2_smt.c" } ] }, { "statement-id": "pl-2_smt.d", - "uuid": "008efc1d-1dbc-4f4e-b8ba-923ecf38890c", + "uuid": "87b2b1ee-99ff-480c-821a-7f3cea5fa9bd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d0859dec-13b6-45ce-8194-0afb2bb84c60", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "cac31818-5443-4700-b700-02dea4de8a45", "description": "Add control implementation description here for item pl-2_smt.d" } ] }, { "statement-id": "pl-2_smt.e", - "uuid": "8737b722-e442-4395-9bdf-9d89328dd336", + "uuid": "8bf73f8b-45b8-4e97-a17d-335fd0cd9548", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "34b9966d-17fb-4a7a-9bc4-88ed75c06007", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d0b0111d-6daf-4c53-89a6-a0ecd5230254", "description": "Add control implementation description here for item pl-2_smt.e" } ] @@ -3548,49 +3548,49 @@ ] }, { - "uuid": "5c31d648-f0de-44ee-9c8e-f2e0d3f17d95", + "uuid": "9cc795e5-db88-4c75-bf33-506f62b3e38a", "control-id": "pl-4", "statements": [ { "statement-id": "pl-4_smt.a", - "uuid": "1d741163-2ecf-478e-bfd2-70c10660ee7b", + "uuid": "6a4792cd-c009-4ace-94d6-e9e3ecbcef9e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e88d1d4d-972e-4056-b5b1-6151fec65dfb", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f98934c2-6d41-459f-8fdd-cae850830078", "description": "Add control implementation description here for item pl-4_smt.a" } ] }, { "statement-id": "pl-4_smt.b", - "uuid": "bd756d6b-f211-4803-a77e-54118e61d554", + "uuid": "4fc5cbf7-906a-4cb7-be55-9d2f1adda063", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "077323f3-fd84-442c-8b22-4ce8b0865820", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5fae956b-5b3e-4113-bdef-b623caa60e89", "description": "Add control implementation description here for item pl-4_smt.b" } ] }, { "statement-id": "pl-4_smt.c", - "uuid": "3b7d90a3-ee87-4981-9248-43dc484e2044", + "uuid": "b2f1269d-bec4-4f90-a7ce-c366fe52c5ce", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "dcab4149-b99e-40d2-be90-3e6a18e101fd", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4a3ebe6a-18f2-4b5e-97f2-a6e7516eacf2", "description": "Add control implementation description here for item pl-4_smt.c" } ] }, { "statement-id": "pl-4_smt.d", - "uuid": "eafe11be-41ae-405b-b40c-67afb1f449d3", + "uuid": "3b2c6f3a-c5c0-4de2-b18d-021e3e18a4c6", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d0ff3c40-a4b5-43fa-bc1d-127e3edf96b6", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6d9dad09-12d4-4caf-a7f5-f97e2704b61d", "description": "Add control implementation description here for item pl-4_smt.d" } ] @@ -3598,38 +3598,38 @@ ] }, { - "uuid": "ba1b7f05-25b2-4941-bd0b-d8c5fd884e29", + "uuid": "75480c8e-a31c-4cb6-9114-1397e5e3305c", "control-id": "pl-4.1", "statements": [ { "statement-id": "pl-4.1_smt.a", - "uuid": "1a95424b-2836-4926-a186-26364eae68eb", + "uuid": "b0fc1ea1-2046-46b7-852a-ab9a7da4cdf5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "dacefb28-9f08-4313-8d8a-47f568cf65c6", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9cc13f75-637b-437e-bee8-498139799619", "description": "Add control implementation description here for item pl-4.1_smt.a" } ] }, { "statement-id": "pl-4.1_smt.b", - "uuid": "2cace79c-042c-4ffc-93e4-d72cf704b3b1", + "uuid": "3fe500e1-4f54-4e1c-bb77-796b56048d16", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "83917360-9ed7-447a-9c27-8d67e4bd45aa", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "51c19f62-6e35-4e80-b164-b29b84f3c36d", "description": "Add control implementation description here for item pl-4.1_smt.b" } ] }, { "statement-id": "pl-4.1_smt.c", - "uuid": "fa2d5fd0-06b0-494a-9e0e-25f5cde85e2c", + "uuid": "98ca0221-07e6-4251-a154-344d9d942dd2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a29ee874-c6b3-457f-9924-28bd7b724d33", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "013ee6cc-62a2-479a-af0e-50a53ba2576a", "description": "Add control implementation description here for item pl-4.1_smt.c" } ] @@ -3637,16 +3637,16 @@ ] }, { - "uuid": "d2a47f61-79d9-4383-bdec-0d1a4f346838", + "uuid": "a52dde65-ed88-4957-b853-855c1be23b89", "control-id": "pl-10", "statements": [ { "statement-id": "pl-10_smt", - "uuid": "c3be76b2-9d88-416a-9ba1-c9a5c8a8e10f", + "uuid": "97196c2d-336f-4245-9bff-38817a520e88", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c81aee8f-2609-4919-b53c-1aab12dc6c1e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c3599470-6728-4d6f-884d-a1c62b8687c4", "description": "Add control implementation description here for control pl-10" } ] @@ -3654,16 +3654,16 @@ ] }, { - "uuid": "64715dd8-9dcd-4db0-89db-4c01cbc73c80", + "uuid": "a085a544-7e36-4cf8-b5d6-8a3c0a2b3458", "control-id": "pl-11", "statements": [ { "statement-id": "pl-11_smt", - "uuid": "f24a2226-28a1-4eab-9206-ce5e8940861e", + "uuid": "d7cdebe5-71fa-4051-8bd5-64c1b93bcb96", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "fe94a65e-2f7b-41b8-a439-8c1f7d9a1b97", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9fb313b2-ca1a-4df5-b8b5-67ca87f85606", "description": "Add control implementation description here for control pl-11" } ] @@ -3671,38 +3671,38 @@ ] }, { - "uuid": "6f49c613-203a-4112-a538-ffd6af19ef24", + "uuid": "ac74e7b9-5a32-4eaf-a6c3-783e8dbc110f", "control-id": "ps-1", "statements": [ { "statement-id": "ps-1_smt.a", - "uuid": "48799abf-c948-4e21-9d94-2ad555be082a", + "uuid": "c081d397-1081-4968-a3db-989da786181b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "799b84c6-4288-4238-9727-c09fa1005d1a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "526e19c3-40e6-4c2a-adec-79c4c0de5555", "description": "Add control implementation description here for item ps-1_smt.a" } ] }, { "statement-id": "ps-1_smt.b", - "uuid": "570cb6e5-9b55-4329-9dcc-de66efdbfd06", + "uuid": "660ba12a-2d30-4f46-bf69-7fb7b3d00b1a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "87b6f4c5-80f8-4234-9796-f885b88af083", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "10457985-654d-42c7-b0cd-31d4d96d0286", "description": "Add control implementation description here for item ps-1_smt.b" } ] }, { "statement-id": "ps-1_smt.c", - "uuid": "c3bd486b-3f33-4625-9cd3-ce8f45698d28", + "uuid": "e609f999-d46e-4c32-90d6-383cb83c7c60", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "3aaa0dad-28cb-4fa2-b5f2-95b988382384", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "69064f7c-fb87-42aa-abf2-9a1751d00914", "description": "Add control implementation description here for item ps-1_smt.c" } ] @@ -3710,38 +3710,38 @@ ] }, { - "uuid": "aec40da8-1066-4a67-ab82-cfc554cb5d18", + "uuid": "3016270e-348c-482d-8b12-035951500aaa", "control-id": "ps-2", "statements": [ { "statement-id": "ps-2_smt.a", - "uuid": "f09693d7-deae-4f23-bbfe-7681dbe56fe2", + "uuid": "ae3aaecf-ffd6-4212-ba11-70ec15a06894", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0cc4e9c0-aa17-462a-b7f0-05bc71e10d93", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f84b5767-bcfb-4d43-bbcd-a2d74f86d36c", "description": "Add control implementation description here for item ps-2_smt.a" } ] }, { "statement-id": "ps-2_smt.b", - "uuid": "51319c79-bc23-4a67-b371-4e3a24ffb63f", + "uuid": "3694e7b0-d0fd-4155-825b-f9520c57c1b5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "35be4b06-5ba4-482b-b761-08dd5b5b5f5e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "828edebe-5f74-494a-b94c-74b56d1fd195", "description": "Add control implementation description here for item ps-2_smt.b" } ] }, { "statement-id": "ps-2_smt.c", - "uuid": "f131e2c1-4c55-40a1-9c78-350158e70fd9", + "uuid": "9e68e953-f152-4997-9325-ed63256c9a19", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "42daa76c-bc10-435c-99b2-edc672b589cb", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e8b3d543-c420-4465-bbe7-198eab3f84fd", "description": "Add control implementation description here for item ps-2_smt.c" } ] @@ -3749,27 +3749,27 @@ ] }, { - "uuid": "de182d4e-c59a-4395-83f9-1ae7ad6e7f47", + "uuid": "1eaff884-88af-457b-b74e-4d3008f1e914", "control-id": "ps-3", "statements": [ { "statement-id": "ps-3_smt.a", - "uuid": "0d6a06fd-8360-4129-ad9e-6d4e4b8d5427", + "uuid": "24601b30-9f74-4a22-9b04-c54a5daa29ed", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "3bd901f7-08aa-42c8-9ed2-d545da11fe9c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0a249071-4539-49eb-a7c4-817fce80b2a1", "description": "Add control implementation description here for item ps-3_smt.a" } ] }, { "statement-id": "ps-3_smt.b", - "uuid": "d9d8be84-bcab-4680-bc0a-418de2c5ead7", + "uuid": "07a150d8-e8d7-4719-85f9-96cbbef14370", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d4d71440-d86c-4e48-8606-1d8c7a62a9ad", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d758915c-65f7-446b-8f48-2682ec4d137b", "description": "Add control implementation description here for item ps-3_smt.b" } ] @@ -3777,60 +3777,60 @@ ] }, { - "uuid": "c864944b-725b-49ce-9572-0ef7b3892576", + "uuid": "ceca4b4b-6a87-4c9d-b09d-8c399e137998", "control-id": "ps-4", "statements": [ { "statement-id": "ps-4_smt.a", - "uuid": "9d6f3da1-42a7-4ef8-9772-3c40be9abad8", + "uuid": "e198fcff-6b02-48b4-bb99-18cea4cc3269", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cdce570a-5a27-4d4b-a8f0-7d31a3f241ad", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d1b8f81e-2b78-4905-9a9b-23708ffad393", "description": "Add control implementation description here for item ps-4_smt.a" } ] }, { "statement-id": "ps-4_smt.b", - "uuid": "1d9e15e7-7411-4607-b1f0-a908f9605f72", + "uuid": "42628f84-1b16-46a7-b0c0-975d531da971", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8fe497c3-3d30-45c2-ac42-502b5e5bd66c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a66ea27f-71a0-4a42-8f25-5e800278f082", "description": "Add control implementation description here for item ps-4_smt.b" } ] }, { "statement-id": "ps-4_smt.c", - "uuid": "3d6326af-d35b-41e2-a547-153e49a33d39", + "uuid": "7a14d6f9-043e-4d48-be0b-07f888fa0754", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "fe815c00-8637-491b-8733-9abda8faa52d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6784ceb5-75b5-4996-84fc-b96e2bd397a8", "description": "Add control implementation description here for item ps-4_smt.c" } ] }, { "statement-id": "ps-4_smt.d", - "uuid": "f1165a50-c36f-447b-a24c-686e0a2d1fe3", + "uuid": "2c82626d-e06f-49a7-9119-fa5b86db382e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e69d2c4c-1fe3-44d7-b6d3-baf616dc56b0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "be57271f-30ed-40f8-a244-88d80b2f524d", "description": "Add control implementation description here for item ps-4_smt.d" } ] }, { "statement-id": "ps-4_smt.e", - "uuid": "5c6a0708-1523-4885-a012-1145400dca03", + "uuid": "88074892-87ec-4b6c-86a6-e2442603187a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4d2946fc-c9fe-4c27-8a37-bc78d7f069b0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6cc7c16b-06d6-420c-b08d-82bb32611ecc", "description": "Add control implementation description here for item ps-4_smt.e" } ] @@ -3838,49 +3838,49 @@ ] }, { - "uuid": "3c08c956-b2f9-459d-9a4b-43daaae858f0", + "uuid": "4d8862e8-ddde-4deb-a069-7bbec2a113a2", "control-id": "ps-5", "statements": [ { "statement-id": "ps-5_smt.a", - "uuid": "55416fad-aee6-4555-8bae-93b3c56103b9", + "uuid": "0411d4e3-5845-4402-8f6c-d12000cb9bfa", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1c8252bf-ab3e-429b-93c5-bec9ee339daf", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "635b912e-59e5-49bf-a6f6-ac5f2a89ba34", "description": "Add control implementation description here for item ps-5_smt.a" } ] }, { "statement-id": "ps-5_smt.b", - "uuid": "838c7831-f803-41c9-8996-edb4817faa94", + "uuid": "0bbeab02-3115-4975-ad20-ffeb3177cfa4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "02e342a4-c486-465f-ace9-e10c14b45398", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9baa9d2f-e286-4285-afde-03cca071ebee", "description": "Add control implementation description here for item ps-5_smt.b" } ] }, { "statement-id": "ps-5_smt.c", - "uuid": "6496173c-c009-48c0-9c26-4ba37aa1c224", + "uuid": "2e240a59-ed02-486e-808b-8b065a168e36", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "da946fba-c6a8-4812-8511-c2e8b585950d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5ac1cfb9-2013-4f29-b10b-1d60ca78333f", "description": "Add control implementation description here for item ps-5_smt.c" } ] }, { "statement-id": "ps-5_smt.d", - "uuid": "da98854e-4840-4634-b342-a81b112e3943", + "uuid": "b2f500ed-5e13-425a-aabb-92b8a73c064c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "03912029-634b-4d27-87e6-bd8bae345784", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3003572a-c650-48f2-a755-0ce4cfabfab7", "description": "Add control implementation description here for item ps-5_smt.d" } ] @@ -3888,38 +3888,38 @@ ] }, { - "uuid": "6ec4e941-fdcd-4b29-96fb-e48c69d770f2", + "uuid": "1205d210-66e6-4115-974c-178d71b792ba", "control-id": "ps-6", "statements": [ { "statement-id": "ps-6_smt.a", - "uuid": "9dda943e-f4fb-4b83-940e-ac541b3e391a", + "uuid": "d79a66a9-5577-4437-8eb1-90b307a9f302", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "907d4b4f-ecc8-4c2d-b693-73acd34d05d2", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4acfc13d-dd20-481d-a6a9-31c18b6047ea", "description": "Add control implementation description here for item ps-6_smt.a" } ] }, { "statement-id": "ps-6_smt.b", - "uuid": "39d4cd70-3704-4da0-82a7-4ee628438dc2", + "uuid": "d9fce1bf-38e7-455c-86f2-88ee5ad8d535", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "67a57dce-e755-49d0-8158-331014729218", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "62d1c3bc-8543-4a86-9c55-1af76aefbec7", "description": "Add control implementation description here for item ps-6_smt.b" } ] }, { "statement-id": "ps-6_smt.c", - "uuid": "208083eb-681a-4810-9a76-b5153f55de90", + "uuid": "e4430e42-e5c4-4053-bc68-036668247aa3", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f8c187ff-685b-400b-9e96-3ca0bfae237a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "eb68812a-a1bc-44b9-af2d-a63938f76a8d", "description": "Add control implementation description here for item ps-6_smt.c" } ] @@ -3927,60 +3927,60 @@ ] }, { - "uuid": "89730a9f-4511-4325-a6ac-afb43e4199f7", + "uuid": "c73ff774-5e7e-4b8c-baf5-b6819aa17266", "control-id": "ps-7", "statements": [ { "statement-id": "ps-7_smt.a", - "uuid": "9ff1203b-1590-4145-b07a-2630d01a8595", + "uuid": "59a34781-c7aa-4784-b9af-2524dad15da0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ed94d385-23ec-4201-9487-ce71cffb9cea", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d56804c9-8907-433c-b4bb-945df9f8daf4", "description": "Add control implementation description here for item ps-7_smt.a" } ] }, { "statement-id": "ps-7_smt.b", - "uuid": "86c3beba-ffa4-4cd9-88fe-e4f168e5c251", + "uuid": "30204459-0fc5-4745-a6bd-641988d945d6", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4d9b3a70-d27b-460e-9c23-51855af4f38a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d9359edd-5c93-440f-a68b-c543a9ca7b4e", "description": "Add control implementation description here for item ps-7_smt.b" } ] }, { "statement-id": "ps-7_smt.c", - "uuid": "965e2703-6082-4eb7-b172-b899673a2d0d", + "uuid": "54d20898-48c0-4242-9011-47413b2f9da5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6b995440-40a8-4afb-b1b9-b4899ad308fb", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5c0099c2-ce73-42ea-91b1-9086bf78f7a2", "description": "Add control implementation description here for item ps-7_smt.c" } ] }, { "statement-id": "ps-7_smt.d", - "uuid": "54f4d00e-1827-4a83-b636-4ba5130e82f1", + "uuid": "c1b3eb8e-8942-42ac-a587-4171aa6a8b7b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "391ddeed-efcf-4454-96f1-cca928b2583a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f755a908-53d2-4acd-bdf6-14ec04518a88", "description": "Add control implementation description here for item ps-7_smt.d" } ] }, { "statement-id": "ps-7_smt.e", - "uuid": "f6f0f754-9730-4138-9bfc-8325349fbde1", + "uuid": "a05bcb0a-3c80-43b8-b3bd-c65db0f63556", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "bb617752-b095-4420-81ad-aed62945b0c9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "fc8869e6-e33e-4708-b3bf-c6aca973de0e", "description": "Add control implementation description here for item ps-7_smt.e" } ] @@ -3988,27 +3988,27 @@ ] }, { - "uuid": "0b425cd6-0a3c-4bc6-8ac8-7aeb649f45b1", + "uuid": "83053b87-4836-4d2f-966e-58f74914b2bb", "control-id": "ps-8", "statements": [ { "statement-id": "ps-8_smt.a", - "uuid": "6852a104-3981-41af-9cf0-79641bca8354", + "uuid": "74576ad1-b1bf-48aa-a0f7-f492110e5679", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b58d9c01-8a55-4100-9fab-edf51bef85ba", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "47932959-ca81-4091-9cd4-e1956dc1600c", "description": "Add control implementation description here for item ps-8_smt.a" } ] }, { "statement-id": "ps-8_smt.b", - "uuid": "2635fab8-c873-46c0-9bc2-14c6bd26a56d", + "uuid": "7fbf90c3-cd8a-4a8f-94c2-c47eae5307a0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "fd2e1fb6-850f-4d8b-8bc8-f91c2938b9dd", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6b97b43c-9307-45b3-835c-8775565d84cf", "description": "Add control implementation description here for item ps-8_smt.b" } ] @@ -4016,16 +4016,16 @@ ] }, { - "uuid": "dcbaff20-59ca-4c18-b810-cc39456b0365", + "uuid": "d2c8eac5-ba81-42cb-bccd-b2628024c16f", "control-id": "ps-9", "statements": [ { "statement-id": "ps-9_smt", - "uuid": "86c55f5b-65f7-4d46-96ee-79d26f6cfdc6", + "uuid": "91bd1261-ddc9-482f-8d40-99e97aeb18d9", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5cd8c60f-cb8d-4d52-9006-59eec1a133b8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9b7494f8-d704-4d2b-8295-fdf139537df9", "description": "Add control implementation description here for control ps-9" } ] @@ -4033,38 +4033,38 @@ ] }, { - "uuid": "67062f9e-0fb3-4385-acfa-39bace91d383", + "uuid": "98651ad8-cf2c-4a2e-9c7e-4588ac4ffbaa", "control-id": "ra-1", "statements": [ { "statement-id": "ra-1_smt.a", - "uuid": "86e924ff-96e9-4f74-87ea-1453b5054e3a", + "uuid": "6144d9db-7c6a-4104-b111-3411cafefdf5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f616b59f-2d2a-4100-b7ad-d5a2ec7e7d02", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "63bb3858-d5ad-4791-9d22-fcf810e2f677", "description": "Add control implementation description here for item ra-1_smt.a" } ] }, { "statement-id": "ra-1_smt.b", - "uuid": "8e0b7857-ab11-44ab-9e2a-a94a8c14e1f5", + "uuid": "12a49e8d-868f-4ff8-abc5-d59533276fb7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a908430b-533c-403b-b750-efb5aed56537", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c2926c43-82c5-4488-9f7e-bd1a2b18d075", "description": "Add control implementation description here for item ra-1_smt.b" } ] }, { "statement-id": "ra-1_smt.c", - "uuid": "064d0a2c-712b-481a-8741-a9604c108b9c", + "uuid": "94ab47d9-e343-40ab-a1fd-040b88f499d1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6795013d-0668-493a-bf73-aa1ccb9aa56f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "fe118adb-d7d5-4858-8dc6-208d54b79e7f", "description": "Add control implementation description here for item ra-1_smt.c" } ] @@ -4072,38 +4072,38 @@ ] }, { - "uuid": "f3bdb162-7500-4c73-a1b9-6fdfea087595", + "uuid": "d24fef41-6ef4-47f4-a873-9a4fc5908628", "control-id": "ra-2", "statements": [ { "statement-id": "ra-2_smt.a", - "uuid": "cd2ae254-a756-4381-b470-bd2a28289263", + "uuid": "6170c2f1-cbf1-4283-acf0-9982bff82418", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "dd36eb25-8608-49f2-9971-8e846b4aa3a6", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6ef51451-2907-46f5-9233-d4dccc6fb86b", "description": "Add control implementation description here for item ra-2_smt.a" } ] }, { "statement-id": "ra-2_smt.b", - "uuid": "14cc24da-9989-40d7-ae6f-142afe142853", + "uuid": "d734625f-97d8-4d64-995a-2b2ca6388b81", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "91a7fbcc-5bb8-4be5-8b3d-f12a35f249c9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5f42067a-e154-43d7-b47b-71ba5fabc422", "description": "Add control implementation description here for item ra-2_smt.b" } ] }, { "statement-id": "ra-2_smt.c", - "uuid": "e608f056-03e6-46eb-85a4-d71c61c6637a", + "uuid": "60c4f7c3-0229-42ad-af84-a4e35e4aa693", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "741f93b4-c427-4ae4-86b5-414bd9db9be4", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7b7b7643-8ca4-4ada-928f-cbe1ab4b0881", "description": "Add control implementation description here for item ra-2_smt.c" } ] @@ -4111,71 +4111,71 @@ ] }, { - "uuid": "413d36e0-6e77-499a-9d9a-6404ce62aa76", + "uuid": "a348af7d-5c26-468d-9576-70f37a98ce4e", "control-id": "ra-3", "statements": [ { "statement-id": "ra-3_smt.a", - "uuid": "01de1f57-a4ee-4e5d-b6d2-6e9f30fbb1c8", + "uuid": "176e23d3-35e6-4ede-9335-46937c5b7597", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "71260e3e-918b-49aa-854a-66d17f1a5baf", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7b4bd3e6-ac14-4fab-90a2-8989d9b82775", "description": "Add control implementation description here for item ra-3_smt.a" } ] }, { "statement-id": "ra-3_smt.b", - "uuid": "2aa58002-56e3-432c-a33f-91b20400e9ff", + "uuid": "0764ebf4-ec88-4976-b17f-3a07a41211d9", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4fb0ef2a-b1a0-4512-be59-330c537f9d54", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "764fbd91-71b1-4cfa-90a3-110d5d728b14", "description": "Add control implementation description here for item ra-3_smt.b" } ] }, { "statement-id": "ra-3_smt.c", - "uuid": "e37e3791-969c-4bce-82bc-6ce14b49dea4", + "uuid": "0b4b900d-a38d-474d-8286-37d8332cfed2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "3b0cc859-4192-43a9-894c-d5701a960df4", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8ed80e21-e41e-4321-9373-53b0783e2f66", "description": "Add control implementation description here for item ra-3_smt.c" } ] }, { "statement-id": "ra-3_smt.d", - "uuid": "04f6ee55-04e0-4bca-a5bd-bac604e6088b", + "uuid": "fd79021a-bea9-42c8-b853-2ee901e558e7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "88b99f9b-8258-4b0a-bda8-313233b81ce8", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "477f774b-0008-45e7-bce9-01e0169d5dcb", "description": "Add control implementation description here for item ra-3_smt.d" } ] }, { "statement-id": "ra-3_smt.e", - "uuid": "e49b7c33-6428-49f7-90dd-c9b4780ac6e3", + "uuid": "7575227c-7fe0-4dce-b157-9d7e9366497c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "efbb58a5-0694-40af-8644-908fc06074b9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9ff858ae-a350-46e2-a4c6-8b0c137d7010", "description": "Add control implementation description here for item ra-3_smt.e" } ] }, { "statement-id": "ra-3_smt.f", - "uuid": "799e89a8-da9b-4968-9f0e-927becbeb61b", + "uuid": "876b965e-53f5-450e-a300-53d783a6a807", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8b030b2e-3533-4fc3-b78c-3d52586d05b1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "26300b54-9712-4aac-86bb-5b7accd0b894", "description": "Add control implementation description here for item ra-3_smt.f" } ] @@ -4183,27 +4183,27 @@ ] }, { - "uuid": "35388741-1392-442f-a5b3-26b005c97a3c", + "uuid": "1d921d06-47a6-4f6e-a156-f5370cdc34f3", "control-id": "ra-3.1", "statements": [ { "statement-id": "ra-3.1_smt.a", - "uuid": "4d8b4be6-3cda-4352-bab4-b3390dc39573", + "uuid": "199ded9d-d4ca-41a4-ad0b-bfe67e1b1341", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "441fd83c-58db-420d-8fa5-742e0a555b2f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a15d95db-90bd-4727-a821-9c5b7303c209", "description": "Add control implementation description here for item ra-3.1_smt.a" } ] }, { "statement-id": "ra-3.1_smt.b", - "uuid": "77c7a9b8-c607-4cb8-bc5f-ba88bd13018a", + "uuid": "89d31005-f626-48a0-b2d5-deceefc870b1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1cef4a5f-94bf-41f4-8806-5e819ef46b43", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9524f913-e8e8-4cc2-bc62-b83da9d3b8d3", "description": "Add control implementation description here for item ra-3.1_smt.b" } ] @@ -4211,71 +4211,71 @@ ] }, { - "uuid": "104e9590-dbfc-49f2-9e43-848907663c6e", + "uuid": "63b62beb-ece3-4653-9945-07457099320c", "control-id": "ra-5", "statements": [ { "statement-id": "ra-5_smt.a", - "uuid": "fdff3d7e-7d92-49be-942c-9dab72d650a6", + "uuid": "e6c05b96-e62e-4e1d-ad24-9c84300103c3", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "706abf81-8135-458d-8d8a-8d84b3d2e610", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1c37aafd-8070-4f48-a2a3-02780b9d2382", "description": "Add control implementation description here for item ra-5_smt.a" } ] }, { "statement-id": "ra-5_smt.b", - "uuid": "a65712c1-d587-4fe8-92ec-6d5accbf9c3c", + "uuid": "e8144e8b-4a87-4be8-bedc-2a317f009c07", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1b1fbbe4-9119-4341-8996-994fcbe5df08", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "69e7d89d-c6d4-494b-898d-36d0150ee619", "description": "Add control implementation description here for item ra-5_smt.b" } ] }, { "statement-id": "ra-5_smt.c", - "uuid": "8c4b2348-98b2-4f8e-ae90-a402f0c0a3a3", + "uuid": "2c35af31-b656-4059-a4f0-3c2f0d26199c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a251fcd5-350e-4c86-85e6-06f9ee6a27b3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "232a1b35-00a6-47d8-b6c3-e12307e10b9b", "description": "Add control implementation description here for item ra-5_smt.c" } ] }, { "statement-id": "ra-5_smt.d", - "uuid": "e7f17854-f85c-4372-bc13-732056071e95", + "uuid": "1db4be08-281c-41dd-930a-32572180a653", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "13125afb-9c59-42b4-bddd-7d6982f88643", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3a46dab8-c849-4880-ad58-ecc4cb5c1f86", "description": "Add control implementation description here for item ra-5_smt.d" } ] }, { "statement-id": "ra-5_smt.e", - "uuid": "6ee6b470-4d2c-4f02-87e3-9a501ee9d1d2", + "uuid": "7c6c43e2-11be-43c6-baf7-f9643f269183", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "36d00b5f-567b-4382-a124-cd522dad95dc", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "65530698-be39-47df-b67d-d246d0c769f4", "description": "Add control implementation description here for item ra-5_smt.e" } ] }, { "statement-id": "ra-5_smt.f", - "uuid": "b3bb065b-e0c5-4086-aca1-0b0447151461", + "uuid": "1a592a42-287f-4939-ae6b-a00161cb708e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b53be194-959f-4cde-86af-46926dec468a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "16a3757b-4569-4913-a387-0b787ebcff06", "description": "Add control implementation description here for item ra-5_smt.f" } ] @@ -4283,16 +4283,16 @@ ] }, { - "uuid": "38c9f3c6-96c0-4416-a2ed-d4dc21e1760d", + "uuid": "7d49693c-b313-4cdb-855a-4abf2568feb2", "control-id": "ra-5.2", "statements": [ { "statement-id": "ra-5.2_smt", - "uuid": "3b9f798c-877e-4ed4-9ab9-ce2ed3e14b5a", + "uuid": "0341b62f-6789-4aa6-ae1c-8c9b12a41e2e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8ee58b6b-a7a9-4561-9c8c-7caeabde0839", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0e65225e-188f-4e1e-80da-348d83a04a60", "description": "Add control implementation description here for control ra-5.2" } ] @@ -4300,16 +4300,16 @@ ] }, { - "uuid": "ff11be82-9b61-49de-a577-9a27afc90574", + "uuid": "2db4b44f-61cc-4601-aa8a-7aa21ad60be9", "control-id": "ra-5.11", "statements": [ { "statement-id": "ra-5.11_smt", - "uuid": "55f6864f-5864-4804-8579-ea6cb39a97bb", + "uuid": "5da2f50d-882d-4afe-8e25-0b421d3eb71a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "be5b78ca-9036-4d74-a35b-a4e6c21f1bc1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e42b435e-6102-45d6-80d4-8b1c21a680d4", "description": "Add control implementation description here for control ra-5.11" } ] @@ -4317,16 +4317,16 @@ ] }, { - "uuid": "a4dbb880-a173-4df2-a95f-61148207eca9", + "uuid": "3cd42e90-393c-470f-b3c3-49354a664b63", "control-id": "ra-7", "statements": [ { "statement-id": "ra-7_smt", - "uuid": "f58d8722-c56c-4e5a-bc4f-e89212307fdc", + "uuid": "5172e6ff-c2a4-43bc-81e3-845edb1eb934", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7aa406e2-ec55-43eb-a7ee-7e8918a16537", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f9ad337d-cb1d-4459-aa9e-835a275ed723", "description": "Add control implementation description here for control ra-7" } ] @@ -4334,38 +4334,38 @@ ] }, { - "uuid": "a30010e9-4d76-424d-97d3-b788c31f4f7e", + "uuid": "a4454060-0882-4903-84c8-a3574a161287", "control-id": "sa-1", "statements": [ { "statement-id": "sa-1_smt.a", - "uuid": "6f3b21d5-9951-4ac5-a33e-d02c78b4bcec", + "uuid": "71fe0457-af89-4e75-8c55-a88ed0723b5b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "67b92e8a-36d7-481d-9d18-e3ab7bcc854e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "329c8b97-b344-48ae-a43e-ef080998d213", "description": "Add control implementation description here for item sa-1_smt.a" } ] }, { "statement-id": "sa-1_smt.b", - "uuid": "a288d4b0-5e04-4069-a9b3-6d4174321116", + "uuid": "7df72d6a-34ea-452f-a0e1-664f83219ebd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "bd7dc3f4-504d-486d-a9fd-8f781fa8d3be", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "884fa42b-4c65-41b0-bd55-718aa0766297", "description": "Add control implementation description here for item sa-1_smt.b" } ] }, { "statement-id": "sa-1_smt.c", - "uuid": "381050ed-a6ba-435f-b218-64f2ca476e20", + "uuid": "2a0a91eb-5e79-4942-b0d0-61a3395c1b1c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "3700145b-65bb-476c-b89c-62b92da89d83", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c9e3244f-19a6-425f-9bc9-4e3f6e0374a7", "description": "Add control implementation description here for item sa-1_smt.c" } ] @@ -4373,38 +4373,38 @@ ] }, { - "uuid": "bfe991b5-e116-420f-ac81-106a75eeefb2", + "uuid": "e7915714-92f5-441a-9699-83b08a1c71eb", "control-id": "sa-2", "statements": [ { "statement-id": "sa-2_smt.a", - "uuid": "9f966b4d-51d6-4d4a-8908-4928dc91b49e", + "uuid": "69ec5026-54e9-4b8d-b88b-3d8a387922c6", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1b6c5cb9-4b63-4908-bd99-64cb537a030d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ad7e27cf-1436-41ab-b392-1d64f8dd4690", "description": "Add control implementation description here for item sa-2_smt.a" } ] }, { "statement-id": "sa-2_smt.b", - "uuid": "6a1e27db-cb16-48a8-b049-627e6cb3687c", + "uuid": "ff9d4174-95cd-4490-902e-3cb9d7cd6a37", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7ebec817-1292-4535-8303-0863290b1c4d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a893f62d-99c4-4e13-ba40-c1c0a75c9219", "description": "Add control implementation description here for item sa-2_smt.b" } ] }, { "statement-id": "sa-2_smt.c", - "uuid": "f3fbfcc9-00f3-4ae4-8249-606609778741", + "uuid": "1170a932-0ab1-40c1-b54f-5f9de6adeeb0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "37191794-c6fe-4b47-8585-1f4c0bfa0d49", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0f7a3c0b-f7dd-427f-ba2f-ec8aeb471998", "description": "Add control implementation description here for item sa-2_smt.c" } ] @@ -4412,49 +4412,49 @@ ] }, { - "uuid": "3fd7dda2-c64e-4870-8e5a-8271074b0c52", + "uuid": "fca46e2c-9b01-49dd-b032-f99741a1dced", "control-id": "sa-3", "statements": [ { "statement-id": "sa-3_smt.a", - "uuid": "baba5809-766f-4b6b-94a7-f4fc9f2da696", + "uuid": "2bfade40-ae3e-457b-930f-94343795c63c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "48f5c2b2-0762-406c-8c55-56983ac9ecce", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0287cea4-ca2a-4cd0-ab7c-7cd40a437b7f", "description": "Add control implementation description here for item sa-3_smt.a" } ] }, { "statement-id": "sa-3_smt.b", - "uuid": "114fc3ab-262a-4f6f-8cd0-e030842106b3", + "uuid": "418623a8-6a5f-4401-870a-7de953be42ff", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "dfccd8bc-fcb8-4d20-926f-6f942cbcf9e2", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e1886040-cea2-40b5-8b6c-7071fd3e72b0", "description": "Add control implementation description here for item sa-3_smt.b" } ] }, { "statement-id": "sa-3_smt.c", - "uuid": "60b33a2d-2332-4a50-b265-d1ce67339a35", + "uuid": "bf6f8445-c22c-409c-862a-a0d045226fcc", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a12a7dd7-8fe3-4290-8393-4e95a83ff31d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e42dcd36-1496-400f-88d1-b1ab0173aadc", "description": "Add control implementation description here for item sa-3_smt.c" } ] }, { "statement-id": "sa-3_smt.d", - "uuid": "65998613-a488-43fe-afaa-e292cedd7ec8", + "uuid": "56800aaf-9dbd-4152-b58b-c71a5fb23b52", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "a14ffd53-894c-46a1-a9b1-ff0087d36c9c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "78dc44ab-3bcd-42bc-b6a9-37f1348a34f3", "description": "Add control implementation description here for item sa-3_smt.d" } ] @@ -4462,104 +4462,104 @@ ] }, { - "uuid": "3cfd7560-53cb-43b9-a4a8-39d5ee01dd82", + "uuid": "4812bde0-c220-4f2f-b28a-62094a5598fc", "control-id": "sa-4", "statements": [ { "statement-id": "sa-4_smt.a", - "uuid": "3f0049ff-26d3-4cec-b0bb-701074f855af", + "uuid": "a3b60568-8853-479a-b0dc-7ec1252a3a96", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "3452febe-f232-4888-ac18-3330b1a5ef72", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f90cf597-ecb4-4de6-900d-c0941889c441", "description": "Add control implementation description here for item sa-4_smt.a" } ] }, { "statement-id": "sa-4_smt.b", - "uuid": "7a8cdbcf-73be-44dc-b770-e43e35c86595", + "uuid": "d1dc59db-dab7-44e0-b60a-28a48bc7ed21", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8bb9a65e-1ee5-4f57-8933-f55d12cf8bad", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f35b0592-8f62-4ef3-8d8d-e2ecf8a55953", "description": "Add control implementation description here for item sa-4_smt.b" } ] }, { "statement-id": "sa-4_smt.c", - "uuid": "88fe51c8-6319-40fa-83e9-9a3a73d25057", + "uuid": "9352eeef-ce58-4057-ae10-2270c280cd97", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e4a3c7e0-421f-4531-8b8e-341b47791b2b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "c21e8192-2228-476b-8a99-66e75f37acc9", "description": "Add control implementation description here for item sa-4_smt.c" } ] }, { "statement-id": "sa-4_smt.d", - "uuid": "a0de6adf-d0bf-43aa-8e3e-1145535b741d", + "uuid": "c97ac67b-1022-4604-ba95-470107a63a66", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "74a4747e-3465-4876-9f17-4ac8d8072b5c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "59c10cfb-4edf-461f-a69e-046ada303fe8", "description": "Add control implementation description here for item sa-4_smt.d" } ] }, { "statement-id": "sa-4_smt.e", - "uuid": "96cdfbbd-8566-4728-b0d3-87bd6551bbd9", + "uuid": "563da6ae-28d8-4c0a-885d-dbb956d56fc0", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "845fd061-6eff-4946-bc87-304c50d67ec5", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3b14f7bd-9df5-4d46-bd89-7bd12923a492", "description": "Add control implementation description here for item sa-4_smt.e" } ] }, { "statement-id": "sa-4_smt.f", - "uuid": "2f0ce8e6-fc5b-4de1-afbe-b1763c173a4d", + "uuid": "d336f7a8-8570-4301-b726-90ed53fce526", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "8accaf67-9390-49d3-9c2a-15ec63c0ca23", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e0e9c230-5263-4b1f-8484-18a6049e23f4", "description": "Add control implementation description here for item sa-4_smt.f" } ] }, { "statement-id": "sa-4_smt.g", - "uuid": "cf767557-d01a-4643-a884-f76f3b5e18b1", + "uuid": "2cbefd3f-14a5-4d8f-8da8-bbbbe9f314bf", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b81e06fc-7c86-47f3-8962-5e6d8f17dd83", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0627c175-2443-4090-9ab0-d17a7b273db7", "description": "Add control implementation description here for item sa-4_smt.g" } ] }, { "statement-id": "sa-4_smt.h", - "uuid": "30896d20-093c-48df-a70e-eecc3330fd7e", + "uuid": "3517820d-36a1-4884-a782-1cdbcc01d924", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0d03d749-3068-4ae7-8b74-9a7589954bd9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "874abd4b-ea16-4c41-b331-d6a550b410a2", "description": "Add control implementation description here for item sa-4_smt.h" } ] }, { "statement-id": "sa-4_smt.i", - "uuid": "3a3cf158-6339-4964-8ec5-2bfdbaf36aa8", + "uuid": "f0b54f3b-258a-4ae5-97fd-b645b71918a6", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ef5e81c9-1863-41b8-be7b-f6c687aa4789", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b32cbf63-412e-475c-914b-9f28ab77afb5", "description": "Add control implementation description here for item sa-4_smt.i" } ] @@ -4567,16 +4567,16 @@ ] }, { - "uuid": "012f3498-8082-4844-a2b6-07be5caa812a", + "uuid": "2328af72-d770-47eb-934c-a4ed9b85b023", "control-id": "sa-4.10", "statements": [ { "statement-id": "sa-4.10_smt", - "uuid": "983da4f0-bcf0-4861-9657-63b8c2937e3a", + "uuid": "a5c81401-a0b8-4a40-9933-cb04f985e893", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "fa5a3beb-b1b3-491b-ad76-46eb2ea53f2a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d3821be7-ad95-4cb6-b39d-826e577db54b", "description": "Add control implementation description here for control sa-4.10" } ] @@ -4584,49 +4584,49 @@ ] }, { - "uuid": "233bd514-adb0-4658-b1a4-3226fa0acaae", + "uuid": "c6a4e463-7ddc-484f-a038-bbc89b263f39", "control-id": "sa-5", "statements": [ { "statement-id": "sa-5_smt.a", - "uuid": "22559970-bf41-4c1f-975e-b335044dbc24", + "uuid": "2e2aa702-91eb-46d4-a127-3655ded08742", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4ff3b86f-d7d9-4ed7-975d-6b05e0bdce09", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3e0b9966-ec07-4c2d-8c77-541d6e543c16", "description": "Add control implementation description here for item sa-5_smt.a" } ] }, { "statement-id": "sa-5_smt.b", - "uuid": "758af4cf-c202-47be-a200-e498384c8b7a", + "uuid": "af0d4f22-91e2-4cf8-a8dc-821e0d5e51dd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "763843b8-c593-48b7-bdb0-4140de5074b3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d05147a0-82cc-46d2-b7c8-b7bac3fc82b6", "description": "Add control implementation description here for item sa-5_smt.b" } ] }, { "statement-id": "sa-5_smt.c", - "uuid": "166768aa-7862-4118-b56b-a1e6e6764f9a", + "uuid": "0623cc72-e576-499f-a121-4f433f47fa22", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "85486a49-9833-4dcf-95f3-baa251eee16d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "17f08c26-cf81-4b10-90ed-25763a649dac", "description": "Add control implementation description here for item sa-5_smt.c" } ] }, { "statement-id": "sa-5_smt.d", - "uuid": "cee0d961-4756-4956-8ae9-e76dc45f2623", + "uuid": "bb073089-ab36-4bc5-a670-ea0f56cd7fb2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cf80377c-c4bd-4c38-9109-75b172c3c381", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9172182d-ea04-49af-b4e1-072e014b4af6", "description": "Add control implementation description here for item sa-5_smt.d" } ] @@ -4634,16 +4634,16 @@ ] }, { - "uuid": "f8a4ca54-8b44-42d8-af1a-9f899842880d", + "uuid": "665804fb-d8c7-4e5f-a01b-dadc992c0d8d", "control-id": "sa-8", "statements": [ { "statement-id": "sa-8_smt", - "uuid": "104280c4-ed29-4c28-af18-382016404379", + "uuid": "0b243934-92bd-40eb-8702-5dcfee7982ce", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cf196a50-6551-4797-b239-7e60cf6ad2ce", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "24742e0c-50e2-48cb-85f3-0b6dc31aab6b", "description": "Add control implementation description here for control sa-8" } ] @@ -4651,38 +4651,38 @@ ] }, { - "uuid": "9e493d7a-ce5b-4c32-916e-3c3b19a71980", + "uuid": "375448f6-f543-48f3-a073-7e201d6416ff", "control-id": "sa-9", "statements": [ { "statement-id": "sa-9_smt.a", - "uuid": "00990002-ddb4-4f2e-a7f0-e7105c21a01d", + "uuid": "b8216fc9-35eb-4ba6-b013-45822307ef5f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6178ca5b-9fdb-4819-a173-cafccf5cf919", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1d83de2c-e629-4656-8bd0-4e259a3b9cc7", "description": "Add control implementation description here for item sa-9_smt.a" } ] }, { "statement-id": "sa-9_smt.b", - "uuid": "6b20fd5b-ead3-40ff-afcd-6dce8a7e589e", + "uuid": "2d22a00d-24b8-42f4-93d4-27825af78396", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b9f04d88-cbf2-49ba-9034-5e2763e922fd", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b615671e-a414-4f4d-82dd-da95e409966a", "description": "Add control implementation description here for item sa-9_smt.b" } ] }, { "statement-id": "sa-9_smt.c", - "uuid": "f136cd32-ec2e-49ef-b376-ea9b5b2defff", + "uuid": "f8deb4e7-02c1-495a-b3f1-d586d0969695", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ee9e6577-ec64-45ed-b2a1-b7ce8509e2f9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "bed39412-07c3-46a4-9e1a-f950b4aa8558", "description": "Add control implementation description here for item sa-9_smt.c" } ] @@ -4690,27 +4690,27 @@ ] }, { - "uuid": "00515c06-7763-4a5b-a94d-3888fd0456f2", + "uuid": "793a9bfe-5e32-4282-9913-f8df7c76385c", "control-id": "sa-22", "statements": [ { "statement-id": "sa-22_smt.a", - "uuid": "7d43048f-f81c-4bfc-a8a8-551137483e70", + "uuid": "672da517-2d90-42fc-b3c7-03f118087d26", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e711a62e-2968-446b-9e34-854f4a454558", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "868c01f8-0cdd-4d78-8d8c-3488b2e6bd66", "description": "Add control implementation description here for item sa-22_smt.a" } ] }, { "statement-id": "sa-22_smt.b", - "uuid": "219f8231-a528-426d-891f-a1d034411fe9", + "uuid": "26878778-c513-4e7a-b0a9-4b84afb47586", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c186d37e-5fea-4dfc-a93d-5fb402b4bfe6", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "fe00468b-84cf-4bc8-aae5-fb53af9358cb", "description": "Add control implementation description here for item sa-22_smt.b" } ] @@ -4718,38 +4718,38 @@ ] }, { - "uuid": "1baf505c-23d3-4b63-b1b7-46c430c22b57", + "uuid": "1f665f35-107a-4a77-950d-d7fe6d7a5a23", "control-id": "sc-1", "statements": [ { "statement-id": "sc-1_smt.a", - "uuid": "f25682d5-64be-4938-a4e3-f2c1697cb119", + "uuid": "37d4314c-63d4-4e47-bda4-f5df330348b1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "97e9c324-509f-4e33-a124-6a02cd4f43b0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b6158eb4-14d5-4344-8842-e918b6c1e4f4", "description": "Add control implementation description here for item sc-1_smt.a" } ] }, { "statement-id": "sc-1_smt.b", - "uuid": "d2e6f691-64da-4369-9b5f-4da32816214e", + "uuid": "79207ae2-be40-49d6-89c5-4c3b9f9af648", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "aa56dff2-1c4f-4936-a8f8-01bd761cc5a2", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "05cfb0f9-65a8-4580-b9e6-1c53d18c1868", "description": "Add control implementation description here for item sc-1_smt.b" } ] }, { "statement-id": "sc-1_smt.c", - "uuid": "4858315d-a673-4939-b173-82cfd4695d1c", + "uuid": "ca845b76-9bc2-4fa4-a030-58ecf6f307dc", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6a716da8-817a-4291-989c-d37c183263ba", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "aeffe1fb-b7b7-48bb-97e5-33b4d542b761", "description": "Add control implementation description here for item sc-1_smt.c" } ] @@ -4757,27 +4757,27 @@ ] }, { - "uuid": "c5dc593d-2d82-4f05-8ef9-8840b24cfc29", + "uuid": "90eab343-14c3-4fcb-93e1-a8cb49dd14a0", "control-id": "sc-5", "statements": [ { "statement-id": "sc-5_smt.a", - "uuid": "ac473800-9d33-4b38-9ade-21bc977422f7", + "uuid": "85311cb8-af70-4349-9efa-b2660f4f45ae", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ef58fddc-738b-4514-a412-9c50a8a68f11", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9b04e0d5-b0ba-4649-a3ca-3e301e8aa852", "description": "Add control implementation description here for item sc-5_smt.a" } ] }, { "statement-id": "sc-5_smt.b", - "uuid": "4a03b896-9325-41a2-bf3a-9090759b38ee", + "uuid": "81a0958c-b63b-4769-95e2-da276af7b4c5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "51e0590f-da8e-497f-97e3-a3576b95f464", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "1d55a017-c728-4d11-808b-03f88eeb54da", "description": "Add control implementation description here for item sc-5_smt.b" } ] @@ -4785,38 +4785,38 @@ ] }, { - "uuid": "8aec6d25-6bb9-446b-b5ad-5af87ade3de0", + "uuid": "a5c48ada-8e54-4605-82e9-37ad832fadc4", "control-id": "sc-7", "statements": [ { "statement-id": "sc-7_smt.a", - "uuid": "564186a1-f414-4636-9e97-b2019e853806", + "uuid": "1c2bc5eb-ccab-42dc-a793-e76d767bb60e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "906944f9-ed61-47d8-8130-e7a8723db84f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0a70b064-2bf0-450e-848d-63068d5c467c", "description": "Add control implementation description here for item sc-7_smt.a" } ] }, { "statement-id": "sc-7_smt.b", - "uuid": "e0c65915-d80a-491d-b63a-b638db5df9ec", + "uuid": "c2333dee-c322-4917-a39f-67782b306dd8", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "323ad026-4fc5-42ae-9322-888691b94abd", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "af3f98be-0462-4322-b6ba-7d8e66737342", "description": "Add control implementation description here for item sc-7_smt.b" } ] }, { "statement-id": "sc-7_smt.c", - "uuid": "8e6b74e0-101e-4823-9408-1f2d737c1de1", + "uuid": "d16625f8-f769-4c06-b522-8b6e241aacc3", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "bbc68ffb-e988-4d94-aeb7-74f57bfe766e", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9c6be2d4-9f06-4dd3-8c52-94bd7fc11895", "description": "Add control implementation description here for item sc-7_smt.c" } ] @@ -4824,16 +4824,16 @@ ] }, { - "uuid": "74bde879-ae9e-427a-a210-727928c7e1ce", + "uuid": "3c4ab2aa-9ac5-4d36-ac11-52ac3b90b8d1", "control-id": "sc-12", "statements": [ { "statement-id": "sc-12_smt", - "uuid": "a58c46f3-2992-439f-862d-4e7466cd2e7e", + "uuid": "9f0ecb6e-8df0-43ff-b842-9a7f660ec6d5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "daec9f79-020b-4638-b338-10d7a80c6723", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "dc8b709a-4da4-4aa0-9ea4-9f414516ef6c", "description": "Add control implementation description here for control sc-12" } ] @@ -4841,27 +4841,27 @@ ] }, { - "uuid": "00f0588a-9d85-4eaf-bdfa-f0ec9b348de9", + "uuid": "5332ece5-8871-4586-9403-89e5044aeb4e", "control-id": "sc-13", "statements": [ { "statement-id": "sc-13_smt.a", - "uuid": "44353f9f-b2b4-40b7-bfc7-b274658c0ca8", + "uuid": "3b993980-d776-43c8-892a-150826d10979", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "48223379-d897-455f-a6f6-bf4303512dc1", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5bae1b31-9f50-477c-bc7b-56d5f2acd660", "description": "Add control implementation description here for item sc-13_smt.a" } ] }, { "statement-id": "sc-13_smt.b", - "uuid": "e7246a0d-9d03-4757-9564-7c3aa1488254", + "uuid": "40835f6b-a76a-4a9c-bf77-ca1bbe169b0a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d29ac847-74de-4b3b-8765-89583af378a9", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "5986a385-dfe0-46c3-9d08-46fe863e11a7", "description": "Add control implementation description here for item sc-13_smt.b" } ] @@ -4869,27 +4869,27 @@ ] }, { - "uuid": "7c35f77e-051c-49c7-a449-faccbdd9cfc9", + "uuid": "c56d658e-b70d-411a-bfe1-20beee61e96a", "control-id": "sc-15", "statements": [ { "statement-id": "sc-15_smt.a", - "uuid": "5d63e2d2-2de1-4d9f-864e-aae22b4cca70", + "uuid": "b5adf62a-0fe2-4e4d-a835-5bcd887c8786", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5835feca-b238-4858-9959-03efdc4c18fd", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ddddd121-8384-49dd-9364-5a43627981b4", "description": "Add control implementation description here for item sc-15_smt.a" } ] }, { "statement-id": "sc-15_smt.b", - "uuid": "33d9b0f2-6b5a-4df3-b0e4-95f14395f708", + "uuid": "16cd76cd-6da2-41df-9009-d458bc36e7e1", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "9e351966-01a4-41e2-83f0-fde26ce7d784", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a57f7bd4-0621-48f3-b723-6af17516d9a4", "description": "Add control implementation description here for item sc-15_smt.b" } ] @@ -4897,27 +4897,27 @@ ] }, { - "uuid": "6afc7c72-cf14-4a7d-b024-b713b060f742", + "uuid": "c672b230-7187-4356-94bb-0826316342fc", "control-id": "sc-20", "statements": [ { "statement-id": "sc-20_smt.a", - "uuid": "5e4c8d8d-d656-4191-acdc-f9b8a9075e16", + "uuid": "3f0bbed8-7989-443e-be9b-887ed0a7235d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "85099119-4d76-4cd4-9834-1f670dca1ea4", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ab8bad88-bee9-429f-bbe1-913583c0743c", "description": "Add control implementation description here for item sc-20_smt.a" } ] }, { "statement-id": "sc-20_smt.b", - "uuid": "ad525bb9-e114-4141-b97e-91953fd89675", + "uuid": "c3aa98b8-9d9c-4adf-b256-f50aff81c521", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "25e77e11-0e3d-412b-80ed-7bcb58ea9fd0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "9b0c8826-0016-4030-836f-a842b7f16f26", "description": "Add control implementation description here for item sc-20_smt.b" } ] @@ -4925,16 +4925,16 @@ ] }, { - "uuid": "6345db2c-ed3f-4987-a619-892b3e0cf759", + "uuid": "52c6120f-d6f3-4e77-ac21-349f670b569b", "control-id": "sc-21", "statements": [ { "statement-id": "sc-21_smt", - "uuid": "4315b1fe-d8fc-4f54-8f6c-6727788941bf", + "uuid": "d24d6b8e-cb78-43f5-ad43-4f63ee4f6942", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1293c784-d1fb-4aa1-8900-d80905c27295", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "51e23a50-1915-49df-9155-94657ef0a203", "description": "Add control implementation description here for control sc-21" } ] @@ -4942,16 +4942,16 @@ ] }, { - "uuid": "2fa677d8-e553-4935-b5e7-21f27406c8a6", + "uuid": "2ac49600-5f8a-4b67-9538-5078ff5b06cd", "control-id": "sc-22", "statements": [ { "statement-id": "sc-22_smt", - "uuid": "70db7822-b708-4115-92d2-69ceff37aea3", + "uuid": "b53a6beb-b8a4-467b-8b9f-4891ff3e12cb", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b014c826-2085-4095-866f-e8619361964a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ad1ea5c9-84dd-4335-a5c1-7e95d8ce5d59", "description": "Add control implementation description here for control sc-22" } ] @@ -4959,16 +4959,16 @@ ] }, { - "uuid": "59ca7b8e-a50f-4469-8f43-9b7f16cacacc", + "uuid": "127902c9-9635-4f1b-afa1-0f674dccf2b5", "control-id": "sc-39", "statements": [ { "statement-id": "sc-39_smt", - "uuid": "4482b989-8232-462a-9fb3-e7cb795fb7af", + "uuid": "7f66102c-2691-40cd-a32b-224d0a69db42", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "2bdf50a4-718c-4c47-b643-aec1b29b015a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b81595dd-82c4-475f-9a7c-fa40383ac7c9", "description": "Add control implementation description here for control sc-39" } ] @@ -4976,38 +4976,38 @@ ] }, { - "uuid": "24fca182-06d8-4855-855e-7586a9717d3e", + "uuid": "9acabf6c-adc1-4c4a-8ff4-5001468b1879", "control-id": "si-1", "statements": [ { "statement-id": "si-1_smt.a", - "uuid": "3b48b172-6cef-4cf7-8e43-50c1e300ddb9", + "uuid": "bb00eeef-12e5-45ef-84ad-6689c4684998", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4a4c26a5-68bf-48ef-a09c-55ac61348423", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "fce9bfb5-dc34-4a92-aa40-fe3e86585da8", "description": "Add control implementation description here for item si-1_smt.a" } ] }, { "statement-id": "si-1_smt.b", - "uuid": "261af665-768d-46d4-b9f3-b1d5669e55d5", + "uuid": "f62a0573-6ada-4617-a586-a608bbe9f961", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "e42af704-7b31-4f00-84d7-891f41358037", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "36dc2d43-5a1a-4501-a1bf-5d49982c5e9c", "description": "Add control implementation description here for item si-1_smt.b" } ] }, { "statement-id": "si-1_smt.c", - "uuid": "bff81796-a229-4748-9f6e-bae33834dd13", + "uuid": "769c24d0-4070-4dc5-81e1-e3e1752c62cf", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5402d037-25a4-4847-bacf-c546a1c08bae", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a182990b-5e7e-45d6-8d8c-8db8da294919", "description": "Add control implementation description here for item si-1_smt.c" } ] @@ -5015,49 +5015,49 @@ ] }, { - "uuid": "1a478fb5-c230-40f8-a3d3-b12280bd6ebd", + "uuid": "f0593668-571a-403b-b91f-1e2538241afd", "control-id": "si-2", "statements": [ { "statement-id": "si-2_smt.a", - "uuid": "d7722fea-0fe7-482f-a94f-f58f4144b38e", + "uuid": "b523b7f5-bce5-4d43-a16a-28b948be67a2", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "dc3118d3-989a-4f03-9b96-b62e384fecf3", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4cb00750-bf99-491e-947c-233265371877", "description": "Add control implementation description here for item si-2_smt.a" } ] }, { "statement-id": "si-2_smt.b", - "uuid": "a51e22a1-bea4-4cf2-a8e0-0f9bbc4a5738", + "uuid": "b8893b68-3633-4d53-a0fd-257b20d4a2ca", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4227e777-3e81-4a50-90b8-428729100edd", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "8e5c9aa4-5b0d-47f0-b9a9-c17f17c3fd77", "description": "Add control implementation description here for item si-2_smt.b" } ] }, { "statement-id": "si-2_smt.c", - "uuid": "bf96eb89-c8a5-48bb-93a7-f00ecb401cdc", + "uuid": "12843fd8-01de-4ca6-b5ba-1094506d8014", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "4ac14622-22c8-495e-9a21-ef6ab8571270", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "beae5cbc-d74c-447f-98c5-ddaa71215fca", "description": "Add control implementation description here for item si-2_smt.c" } ] }, { "statement-id": "si-2_smt.d", - "uuid": "ce8aa0e4-75d5-40af-8cda-b3e0e5d4da51", + "uuid": "0443e3c8-54f5-4fbd-923e-d8c2c9cb93e3", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "3044e6ef-1b68-49c1-81c8-a0827affe487", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e3aff7d4-c8c5-4a83-91b6-387a5a0d30bb", "description": "Add control implementation description here for item si-2_smt.d" } ] @@ -5065,49 +5065,49 @@ ] }, { - "uuid": "fbaf863e-ee33-4291-b913-36b98584522f", + "uuid": "123afe08-3aa3-4088-a69a-38b47711d249", "control-id": "si-3", "statements": [ { "statement-id": "si-3_smt.a", - "uuid": "47369958-c9f2-4fc2-b651-221deb492320", + "uuid": "ed86d096-09ef-48cb-8c63-4402f9227a7b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "c0ba1bf9-d531-44f8-aa26-7e9d4cae321a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4cff1501-5ec1-4666-b6ed-e6bb8db01858", "description": "Add control implementation description here for item si-3_smt.a" } ] }, { "statement-id": "si-3_smt.b", - "uuid": "8faa96f8-e1e4-4c66-9caf-96c515cc95c1", + "uuid": "773913e0-6fea-4714-bb65-9af3fea77c45", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0cbbddb8-d3d8-493e-b7c0-19c199fafa89", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "da89e01a-c5ea-43da-9fa2-ea7fe468116d", "description": "Add control implementation description here for item si-3_smt.b" } ] }, { "statement-id": "si-3_smt.c", - "uuid": "5955b5b0-d812-422b-89b3-534c6a28f9b7", + "uuid": "698ec61d-6c25-4139-b680-fefa6cad84ca", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "bb3bd4c0-2903-4606-9fca-b8188fdd3e81", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "46e1f9b7-81ee-41a2-9bc2-dbd0b6189f4b", "description": "Add control implementation description here for item si-3_smt.c" } ] }, { "statement-id": "si-3_smt.d", - "uuid": "dd8d5cdd-cb45-48fc-90ae-38c3458cdc03", + "uuid": "9af11cb4-7999-49f9-90c5-68e9657292ae", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1ab920dd-6466-46fb-a5bc-7fde029e575c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b9e91111-f7d8-4634-ac82-c36432dff6bf", "description": "Add control implementation description here for item si-3_smt.d" } ] @@ -5115,82 +5115,82 @@ ] }, { - "uuid": "be623ed4-51af-471b-9f02-57750e9c5373", + "uuid": "20cc7715-8e2a-4b44-bc16-17631a9a0d8f", "control-id": "si-4", "statements": [ { "statement-id": "si-4_smt.a", - "uuid": "885fd567-53f0-4104-bdaf-a8987f0e8229", + "uuid": "0b01de64-0865-4761-a883-54bdd2af15a4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6f4cf6f6-3567-4965-9543-170664e7c012", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "30596269-5427-413a-87d5-e4a31d4fdc0b", "description": "Add control implementation description here for item si-4_smt.a" } ] }, { "statement-id": "si-4_smt.b", - "uuid": "55651de2-2bcb-4b65-873b-17abbf4a7430", + "uuid": "193c5ba9-90de-40ec-b425-3193bbff045f", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d1091260-e5c5-4deb-bbb8-f22e10a7dccb", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4444b64f-4a57-44f7-99c2-2167e3dee016", "description": "Add control implementation description here for item si-4_smt.b" } ] }, { "statement-id": "si-4_smt.c", - "uuid": "7c400b39-e993-47df-bf4d-5c2542be06d7", + "uuid": "44b8d28e-2c5a-4a9d-a722-729a616efdc8", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d6a80a03-7ae0-4112-8165-ab8a70fd8281", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7b350ed7-ee9b-44c5-8339-2f1e3d79005d", "description": "Add control implementation description here for item si-4_smt.c" } ] }, { "statement-id": "si-4_smt.d", - "uuid": "d824693f-8ca9-4e71-aa08-e34857555bb4", + "uuid": "1cd6dfed-74c0-4777-aab2-d66e418f8102", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1ebde027-8940-481a-ba3e-fc2b6bc1d39d", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e7adfb49-6abf-4e6b-a6ff-4829362814a6", "description": "Add control implementation description here for item si-4_smt.d" } ] }, { "statement-id": "si-4_smt.e", - "uuid": "6de5df6e-a9f7-461d-b753-4b842dd5a180", + "uuid": "f495fee9-780d-4490-999a-5cdefada1200", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f60e8871-c38a-4ada-9089-b9548d7b174a", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b7ead727-1d2d-4178-bdb8-3bc10df921cd", "description": "Add control implementation description here for item si-4_smt.e" } ] }, { "statement-id": "si-4_smt.f", - "uuid": "a10e3689-ba8b-4cfe-8467-bb938d1109da", + "uuid": "7d8b90dc-ee9a-4aad-b722-f38fe4c9af78", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5cc2c76c-9dbf-4f14-93f6-c101ab607c88", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "ca33f0d0-4858-45a2-b4d0-3ff0f245048c", "description": "Add control implementation description here for item si-4_smt.f" } ] }, { "statement-id": "si-4_smt.g", - "uuid": "df2b7e96-fe40-4fbc-8365-63482d858630", + "uuid": "d7adadd0-591d-423e-a0fd-fb7ac8b4b2ea", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ce887cb6-4811-4ffe-8b99-50661ff604c0", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0496915b-145d-43f4-be1d-4db341ad51ae", "description": "Add control implementation description here for item si-4_smt.g" } ] @@ -5198,49 +5198,49 @@ ] }, { - "uuid": "7f3def9b-4242-4b10-9249-52bcfd488088", + "uuid": "5cfbe597-56e3-4491-b412-3486a2332c69", "control-id": "si-5", "statements": [ { "statement-id": "si-5_smt.a", - "uuid": "e1607448-ea79-4250-bf29-84b6e0b62a9f", + "uuid": "aa12942c-94c2-4a66-809c-6f97bb817262", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ee376e0d-d6f8-4c0f-9bb5-ece602243870", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "cb0a8318-6532-44b2-a300-09c61274c4ab", "description": "Add control implementation description here for item si-5_smt.a" } ] }, { "statement-id": "si-5_smt.b", - "uuid": "59eab534-cd13-452b-bc46-043ffa896646", + "uuid": "ac04e1f4-3fca-4ac6-8de8-9ce4a15c0c78", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "95ca5358-0a86-4d7c-add2-351b38d25d51", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "122ccc94-b4cf-4109-818d-604a1a6ee82a", "description": "Add control implementation description here for item si-5_smt.b" } ] }, { "statement-id": "si-5_smt.c", - "uuid": "013e04d5-3b1b-4c43-87f3-ffc5a0baba90", + "uuid": "d2fd12e0-1116-4b27-8d7d-cab744f2f4ed", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "cfba51a6-135c-4d7b-b5f3-c9169215ea38", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "6f6f7fc2-2380-448a-b66e-f2f33b842486", "description": "Add control implementation description here for item si-5_smt.c" } ] }, { "statement-id": "si-5_smt.d", - "uuid": "f75e393f-0bd6-4ec8-b73b-7ed3a77e8e7a", + "uuid": "9cf926d3-73d0-429c-ae78-b9e317cb913a", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "390710ae-e20c-4b4e-b55f-7d17d60bf262", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "01373664-539b-4f6e-9be7-c37e5ea5e4a2", "description": "Add control implementation description here for item si-5_smt.d" } ] @@ -5248,16 +5248,16 @@ ] }, { - "uuid": "9f90d5b6-84f2-4125-bebe-52e2538ff421", + "uuid": "4773a69f-ca51-4a99-bd89-e843d1ca4a95", "control-id": "si-12", "statements": [ { "statement-id": "si-12_smt", - "uuid": "d0074e91-b5e0-4e5b-9d28-5dddb846f3c1", + "uuid": "48ce10ba-529f-4737-a53a-f6749ffd19c7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "f598341a-080d-4e7a-b46d-9a5ffcd1323b", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "b1ac0368-f5c0-437f-8b02-f33330f4d4a0", "description": "Add control implementation description here for control si-12" } ] @@ -5265,38 +5265,38 @@ ] }, { - "uuid": "14b38627-13bc-4139-92e8-d1cb9b2f2aa0", + "uuid": "122c4dc9-2f08-4714-8e9b-88328b203493", "control-id": "sr-1", "statements": [ { "statement-id": "sr-1_smt.a", - "uuid": "e35cc3ad-ef55-4555-8fe6-559d7503ecc0", + "uuid": "3b6c63aa-372a-4f6c-bb79-3bb43c3d34e9", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0fa0676c-b8d5-40b4-96b1-e25916fb89af", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "525f598a-71a7-4b23-8449-d366106997eb", "description": "Add control implementation description here for item sr-1_smt.a" } ] }, { "statement-id": "sr-1_smt.b", - "uuid": "dbae26bd-5d86-47d5-8e04-611f03ae1e88", + "uuid": "56dfde75-4c10-4176-865c-2849e8a48970", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "1c4ee7ad-957d-486d-bbe7-27e0fc5a3988", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3987086c-3699-4e1d-95a4-01beb7f07362", "description": "Add control implementation description here for item sr-1_smt.b" } ] }, { "statement-id": "sr-1_smt.c", - "uuid": "e288a95b-3a52-446c-8978-90f088d03975", + "uuid": "fe4edcc7-8f92-4653-a1aa-72d68327176d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0f95f464-cbbb-4a27-865f-9de8f6d3f32c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "67812a86-dac5-44ca-92a0-f2a67a958899", "description": "Add control implementation description here for item sr-1_smt.c" } ] @@ -5304,38 +5304,38 @@ ] }, { - "uuid": "cd23353b-68b1-4d70-a0c4-05e98093429a", + "uuid": "26f7e4ca-99e1-4007-9e55-164e0524bf74", "control-id": "sr-2", "statements": [ { "statement-id": "sr-2_smt.a", - "uuid": "37a54720-f5d4-4588-9579-d31fc14d2ab8", + "uuid": "b74a5c58-d9f5-4b5e-ba66-d7588606f3dd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "b8dd7beb-5e55-4b8f-9c7f-7e021f79e56f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4bfd406c-c7d6-4544-8eed-c0130212443b", "description": "Add control implementation description here for item sr-2_smt.a" } ] }, { "statement-id": "sr-2_smt.b", - "uuid": "0272212f-ac6b-4e37-ac1d-40edf6cc6494", + "uuid": "d8edaef4-5ced-4a26-9b93-2ea9e531d714", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "d4fad1cd-c665-43e3-b9f4-1846c460d4fc", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "be3a9867-22dd-42f9-88c1-d2fb6580bd9c", "description": "Add control implementation description here for item sr-2_smt.b" } ] }, { "statement-id": "sr-2_smt.c", - "uuid": "c1cd5d75-9019-4e06-813e-12ef0647fb7b", + "uuid": "76e7ec51-bc61-44ab-ad92-ccb108fcf6f5", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "69a47069-facb-47fd-9e94-ef858d00e04c", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "f89684c6-4bea-460d-87f2-5bf4e11f1c7e", "description": "Add control implementation description here for item sr-2_smt.c" } ] @@ -5343,16 +5343,16 @@ ] }, { - "uuid": "245affe8-d389-4b7f-8f6e-70631797eef8", + "uuid": "81f7fc4f-6601-4ea5-9a5a-721b63fbf8b1", "control-id": "sr-2.1", "statements": [ { "statement-id": "sr-2.1_smt", - "uuid": "9118b659-e299-49c8-ae7b-3dccbe3b14d1", + "uuid": "5704c634-f241-4ee3-855b-7c929ed4991c", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ff9897b6-88bd-4a31-8709-f4b4e0199272", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "7934cca7-77df-4811-aecd-380ae31ac025", "description": "Add control implementation description here for control sr-2.1" } ] @@ -5360,38 +5360,38 @@ ] }, { - "uuid": "02329263-11c8-430b-a90a-6fea6f553f22", + "uuid": "1b13ed63-7c41-4db1-858e-3edcf6604323", "control-id": "sr-3", "statements": [ { "statement-id": "sr-3_smt.a", - "uuid": "60ae9c1a-7c26-4108-a30d-844e88366bd4", + "uuid": "91902056-c926-4149-9843-aec2ef1a4de4", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7e643e32-e154-4a15-ac3c-2b7ec43bcf27", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d0f9daa6-0d23-486d-8b5b-3874fb54617f", "description": "Add control implementation description here for item sr-3_smt.a" } ] }, { "statement-id": "sr-3_smt.b", - "uuid": "75d1f282-a944-436f-8ad4-996414728c53", + "uuid": "bcfbae7c-69fd-4609-bd61-d6a390d923cd", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "5f28b59f-8710-43c3-807f-ba59d0f46aba", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "636b762c-f3bf-4c17-b185-c5dced19026e", "description": "Add control implementation description here for item sr-3_smt.b" } ] }, { "statement-id": "sr-3_smt.c", - "uuid": "027b6af8-e794-4304-970e-fab7b19c93e5", + "uuid": "e22acf7f-acd6-4ee7-a26b-273128b97a6e", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "7fac3f44-aedc-4f1d-9015-b06d9fdbf196", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d922ccf1-e125-48b7-90d8-e556b01dcc12", "description": "Add control implementation description here for item sr-3_smt.c" } ] @@ -5399,16 +5399,16 @@ ] }, { - "uuid": "e0ded988-4edc-4180-8827-0f4bc9025a33", + "uuid": "a763e824-92fa-422d-9675-32b38ee9862b", "control-id": "sr-5", "statements": [ { "statement-id": "sr-5_smt", - "uuid": "f638b9a7-e8fe-44b6-b6b2-ca33fa3fd19a", + "uuid": "29248a02-230b-46bb-9c71-1e7c447d35e7", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "6dc30571-0fe9-4835-b039-b3ca9aa969fe", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "3667300a-f90a-4601-b8d9-8f178118687c", "description": "Add control implementation description here for control sr-5" } ] @@ -5416,16 +5416,16 @@ ] }, { - "uuid": "30390c5b-2c2c-45c5-a857-166d44ca6912", + "uuid": "2485998f-27ea-4ce2-a364-4c527c8a2f25", "control-id": "sr-8", "statements": [ { "statement-id": "sr-8_smt", - "uuid": "fe0a36c8-9e2b-4f45-8cc2-e271c4f2b47d", + "uuid": "d33c2254-c462-4b53-8e7e-ab1a6e713a84", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "87b328d9-c1f2-40e7-8675-712e23582ce6", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "0d62a912-f54e-4ea0-8bee-e990ed98b0ad", "description": "Add control implementation description here for control sr-8" } ] @@ -5433,16 +5433,16 @@ ] }, { - "uuid": "50a381ac-f409-442a-a613-043459f5b6e0", + "uuid": "66140820-8b23-4e90-92ee-7bf04d4b5cdf", "control-id": "sr-10", "statements": [ { "statement-id": "sr-10_smt", - "uuid": "43f28511-dfbc-46a2-bcff-b0646c76e55f", + "uuid": "fe809c68-1176-48dc-aa9c-ca4b5532a45d", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "81194a9f-be9f-4127-8404-659f12a56a8f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "e75d1d39-ea24-4b56-97a2-24f42fda541e", "description": "Add control implementation description here for control sr-10" } ] @@ -5450,27 +5450,27 @@ ] }, { - "uuid": "b89cd41e-80cb-411a-887d-1238f0f4ec5e", + "uuid": "2cc62e35-1d9d-4af3-bbad-b10505b878fa", "control-id": "sr-11", "statements": [ { "statement-id": "sr-11_smt.a", - "uuid": "bb9ebac8-2334-4a56-94c2-1fc8fa0ffff6", + "uuid": "a05ca36c-ee3c-4bc2-93c3-141818fd053b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "fbd74ec4-5d91-46d2-8b2e-66c8cbf8de5f", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a38ac479-23b1-4a7a-a5ab-26361c2f74c8", "description": "Add control implementation description here for item sr-11_smt.a" } ] }, { "statement-id": "sr-11_smt.b", - "uuid": "7efac7d1-dac9-4866-bf83-5db812f0c2a3", + "uuid": "2ad4b098-d513-4fbc-aa3b-d3d20191585b", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "319d5b21-4c42-4453-869e-93acf84d41df", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "d726fb33-572c-432f-a50a-5c530e2561aa", "description": "Add control implementation description here for item sr-11_smt.b" } ] @@ -5478,16 +5478,16 @@ ] }, { - "uuid": "c91216de-9333-440d-bb53-7d93b0e006f5", + "uuid": "3ff1323f-ab0d-464b-bc31-e3854a8b44d3", "control-id": "sr-11.1", "statements": [ { "statement-id": "sr-11.1_smt", - "uuid": "b4ca654a-76bc-4745-94e2-e81bff6aa653", + "uuid": "83e259e7-c479-4eee-90cf-69e1f2dec932", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "0b8dcd0b-0a1a-4014-b3f3-4a220cfe37c6", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "62d27e3f-cdb0-48fc-94ee-197dcb39eb85", "description": "Add control implementation description here for control sr-11.1" } ] @@ -5495,16 +5495,16 @@ ] }, { - "uuid": "ace10183-f379-498d-be41-390598a2c5d4", + "uuid": "8936e892-c4e9-47ef-81dc-3d93eb5f5f58", "control-id": "sr-11.2", "statements": [ { "statement-id": "sr-11.2_smt", - "uuid": "c9a2a3e4-a0ca-40e2-b24c-b6f56b50803f", + "uuid": "b22c0c60-6cb0-40aa-9de1-2549f01809d9", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "ff8550fe-4cf2-418f-9167-b6f23b396346", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "4894ced0-0be7-4b53-a3ec-23f68fdcaaf0", "description": "Add control implementation description here for control sr-11.2" } ] @@ -5512,16 +5512,16 @@ ] }, { - "uuid": "9744de97-659f-4235-9125-94b63d6183a1", + "uuid": "5e158346-bc56-4c56-baaf-cdfe3a051d5f", "control-id": "sr-12", "statements": [ { "statement-id": "sr-12_smt", - "uuid": "53b45ccb-db1b-4a94-ad00-acb735700a75", + "uuid": "1677a0cf-5242-4918-96eb-1c6071309b90", "by-components": [ { - "component-uuid": "97c4a1ff-ff45-44a4-bc2d-f7984ee30497", - "uuid": "fb968d28-b2a0-4dfc-a191-6d01db4f2f44", + "component-uuid": "b06e04c9-2840-4cd2-978b-88a05c5a4de2", + "uuid": "a79279ee-97a8-4af8-86c5-97aa46205314", "description": "Add control implementation description here for control sr-12" } ] diff --git a/ssp_author_demo/test_system/ac/ac-1.md b/ssp_author_demo/test_system/ac/ac-1.md index 810afe8..aff585f 100644 --- a/ssp_author_demo/test_system/ac/ac-1.md +++ b/ssp_author_demo/test_system/ac/ac-1.md @@ -1,12 +1,12 @@ --- sort-id: ac-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- -# ac-1 - Access Control Policy and Procedures +# ac-1 - \[Access Control\] Policy and Procedures -## Control Description +## Control Statement - \[a.\] Develop, document, and disseminate to All employees: @@ -24,26 +24,32 @@ x-trestle-sections: - \[1.\] Policy Every year and following Any IT system breach involving inappropriate access management; and - \[2.\] Procedures every quarter and following any IT system breach or known near miss. +## Control Guidance + +Access control policy and procedures address the controls in the AC family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of access control policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies reflecting the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to access control policy and procedures include assessment or audit findings, security incidents or breaches, or changes in laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. + ______________________________________________________________________ -## ac-1 What is the solution and how is it implemented? +## What is the solution and how is it implemented? + + ______________________________________________________________________ -### Part a. +## Implementation a. ACME CISO is responsible for setting the organisation access control policies, and in The access control policies at a global level are reviewed on an annual cycle. ACME CISO also review access control policy whenever ACME legal and/or Compliance teams identify access control obligations. ______________________________________________________________________ -### Part b. +## Implementation b. -Add control implementation description here for statement ac-1_smt.b +Add control implementation description here for item ac-1_smt.b ______________________________________________________________________ -### Part c. +## Implementation c. -Add control implementation description here for statement ac-1_smt.c +Add control implementation description here for item ac-1_smt.c ______________________________________________________________________ diff --git a/ssp_author_demo/test_system/ac/ac-14.md b/ssp_author_demo/test_system/ac/ac-14.md index 4c106c8..1e25d97 100644 --- a/ssp_author_demo/test_system/ac/ac-14.md +++ b/ssp_author_demo/test_system/ac/ac-14.md @@ -1,7 +1,7 @@ --- sort-id: ac-14 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-14 - \[Access Control\] Permitted Actions Without Identification or Authentication @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Document and provide supporting rationale in the security plan for the system, user actions not requiring identification or authentication. -## Control Control Guidance +## Control Guidance Specific user actions may be permitted without identification or authentication if organizations determine that identification and authentication are not required for the specified user actions. Organizations may allow a limited number of user actions without identification or authentication, including when individuals access public websites or other publicly accessible federal systems, when individuals use mobile phones to receive calls, or when facsimiles are received. Organizations identify actions that normally require identification or authentication but may, under certain circumstances, allow identification or authentication mechanisms to be bypassed. Such bypasses may occur, for example, via a software-readable physical switch that commands bypass of the logon functionality and is protected from accidental or unmonitored use. Permitting actions without identification or authentication does not apply to situations where identification and authentication have already occurred and are not repeated but rather to situations where identification and authentication have not yet occurred. Organizations may decide that there are no user actions that can be performed on organizational systems without identification and authentication, and therefore, the value for the assignment operation can be "none." diff --git a/ssp_author_demo/test_system/ac/ac-17.md b/ssp_author_demo/test_system/ac/ac-17.md index ebcb6a8..30a8911 100644 --- a/ssp_author_demo/test_system/ac/ac-17.md +++ b/ssp_author_demo/test_system/ac/ac-17.md @@ -1,7 +1,7 @@ --- sort-id: ac-17 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-17 - \[Access Control\] Remote Access @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Authorize each type of remote access to the system prior to allowing such connections. -## Control Control Guidance +## Control Guidance Remote access is access to organizational systems (or processes acting on behalf of users) that communicate through external networks such as the Internet. Types of remote access include dial-up, broadband, and wireless. Organizations use encrypted virtual private networks (VPNs) to enhance confidentiality and integrity for remote connections. The use of encrypted VPNs provides sufficient assurance to the organization that it can effectively treat such connections as internal networks if the cryptographic mechanisms used are implemented in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Still, VPN connections traverse external networks, and the encrypted VPN does not enhance the availability of remote connections. VPNs with encrypted tunnels can also affect the ability to adequately monitor network communications traffic for malicious code. Remote access controls apply to systems other than public web servers or systems designed for public access. Authorization of each remote access type addresses authorization prior to allowing remote access without specifying the specific formats for such authorization. While organizations may use information exchange and system connection security agreements to manage remote access connections to other systems, such agreements are addressed as part of [CA-3](#ca-3). Enforcing access restrictions for remote access is addressed via [AC-3](#ac-3). diff --git a/ssp_author_demo/test_system/ac/ac-18.md b/ssp_author_demo/test_system/ac/ac-18.md index bc69dab..ccba277 100644 --- a/ssp_author_demo/test_system/ac/ac-18.md +++ b/ssp_author_demo/test_system/ac/ac-18.md @@ -1,7 +1,7 @@ --- sort-id: ac-18 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-18 - \[Access Control\] Wireless Access @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Authorize each type of wireless access to the system prior to allowing such connections. -## Control Control Guidance +## Control Guidance Wireless technologies include microwave, packet radio (ultra-high frequency or very high frequency), 802.11x, and Bluetooth. Wireless networks use authentication protocols that provide authenticator protection and mutual authentication. diff --git a/ssp_author_demo/test_system/ac/ac-19.md b/ssp_author_demo/test_system/ac/ac-19.md index 69fbc80..105ad2f 100644 --- a/ssp_author_demo/test_system/ac/ac-19.md +++ b/ssp_author_demo/test_system/ac/ac-19.md @@ -1,7 +1,7 @@ --- sort-id: ac-19 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-19 - \[Access Control\] Access Control for Mobile Devices @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Authorize the connection of mobile devices to organizational systems. -## Control Control Guidance +## Control Guidance A mobile device is a computing device that has a small form factor such that it can easily be carried by a single individual; is designed to operate without a physical connection; possesses local, non-removable or removable data storage; and includes a self-contained power source. Mobile device functionality may also include voice communication capabilities, on-board sensors that allow the device to capture information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones and tablets. Mobile devices are typically associated with a single individual. The processing, storage, and transmission capability of the mobile device may be comparable to or merely a subset of notebook/desktop systems, depending on the nature and intended purpose of the device. Protection and control of mobile devices is behavior or policy-based and requires users to take physical action to protect and control such devices when outside of controlled areas. Controlled areas are spaces for which organizations provide physical or procedural controls to meet the requirements established for protecting information and systems. diff --git a/ssp_author_demo/test_system/ac/ac-2.md b/ssp_author_demo/test_system/ac/ac-2.md index 7644f31..7f8c1f5 100644 --- a/ssp_author_demo/test_system/ac/ac-2.md +++ b/ssp_author_demo/test_system/ac/ac-2.md @@ -1,7 +1,7 @@ --- sort-id: ac-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-2 - \[Access Control\] Account Management @@ -44,7 +44,7 @@ x-trestle-sections: - \[l.\] Align account management processes with personnel termination and transfer processes. -## Control Control Guidance +## Control Guidance Examples of system account types include individual, shared, group, system, guest, anonymous, emergency, developer, temporary, and service. Identification of authorized system users and the specification of access privileges reflect the requirements in other controls in the security plan. Users requiring administrative privileges on system accounts receive additional scrutiny by organizational personnel responsible for approving such accounts and privileged access, including system owner, mission or business owner, senior agency information security officer, or senior agency official for privacy. Types of accounts that organizations may wish to prohibit due to increased risk include shared, group, emergency, anonymous, temporary, and guest accounts. diff --git a/ssp_author_demo/test_system/ac/ac-20.md b/ssp_author_demo/test_system/ac/ac-20.md index 487719d..ceaf2cb 100644 --- a/ssp_author_demo/test_system/ac/ac-20.md +++ b/ssp_author_demo/test_system/ac/ac-20.md @@ -1,7 +1,7 @@ --- sort-id: ac-20 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-20 - \[Access Control\] Use of External Systems @@ -15,7 +15,7 @@ x-trestle-sections: - \[b.\] Prohibit the use of organizationally-defined types of external systems. -## Control Control Guidance +## Control Guidance External systems are systems that are used by but not part of organizational systems, and for which the organization has no direct control over the implementation of required controls or the assessment of control effectiveness. External systems include personally owned systems, components, or devices; privately owned computing and communications devices in commercial or public facilities; systems owned or controlled by nonfederal organizations; systems managed by contractors; and federal information systems that are not owned by, operated by, or under the direct supervision or authority of the organization. External systems also include systems owned or operated by other components within the same organization and systems within the organization with different authorization boundaries. Organizations have the option to prohibit the use of any type of external system or prohibit the use of specified types of external systems, (e.g., prohibit the use of any external system that is not organizationally owned or prohibit the use of personally-owned systems). diff --git a/ssp_author_demo/test_system/ac/ac-22.md b/ssp_author_demo/test_system/ac/ac-22.md index 6e4449f..1f45626 100644 --- a/ssp_author_demo/test_system/ac/ac-22.md +++ b/ssp_author_demo/test_system/ac/ac-22.md @@ -1,7 +1,7 @@ --- sort-id: ac-22 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-22 - \[Access Control\] Publicly Accessible Content @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Review the content on the publicly accessible system for nonpublic information organization-defined frequency and remove such information, if discovered. -## Control Control Guidance +## Control Guidance In accordance with applicable laws, executive orders, directives, policies, regulations, standards, and guidelines, the public is not authorized to have access to nonpublic information, including information protected under the [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) and proprietary information. Publicly accessible content addresses systems that are controlled by the organization and accessible to the public, typically without identification or authentication. Posting information on non-organizational systems (e.g., non-organizational public websites, forums, and social media) is covered by organizational policy. While organizations may have individuals who are responsible for developing and implementing policies about the information that can be made publicly accessible, publicly accessible content addresses the management of the individuals who make such information publicly accessible. diff --git a/ssp_author_demo/test_system/ac/ac-3.md b/ssp_author_demo/test_system/ac/ac-3.md index 3a86345..b182bfd 100644 --- a/ssp_author_demo/test_system/ac/ac-3.md +++ b/ssp_author_demo/test_system/ac/ac-3.md @@ -1,7 +1,7 @@ --- sort-id: ac-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-3 - \[Access Control\] Access Enforcement @@ -10,7 +10,7 @@ x-trestle-sections: Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. -## Control Control Guidance +## Control Guidance Access control policies control access between active entities or subjects (i.e., users or processes acting on behalf of users) and passive entities or objects (i.e., devices, files, records, domains) in organizational systems. In addition to enforcing authorized access at the system level and recognizing that systems can host many applications and services in support of mission and business functions, access enforcement mechanisms can also be employed at the application and service level to provide increased information security and privacy. In contrast to logical access controls that are implemented within the system, physical access controls are addressed by the controls in the Physical and Environmental Protection ([PE](#pe)) family. diff --git a/ssp_author_demo/test_system/ac/ac-7.md b/ssp_author_demo/test_system/ac/ac-7.md index 7d62f5c..25566fb 100644 --- a/ssp_author_demo/test_system/ac/ac-7.md +++ b/ssp_author_demo/test_system/ac/ac-7.md @@ -1,7 +1,7 @@ --- sort-id: ac-07 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-7 - \[Access Control\] Unsuccessful Logon Attempts @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Automatically lock the account or node for an {{ insert: param, ac-7_prm_4 }} ; lock the account or node until released by an administrator; delay next logon prompt per {{ insert: param, ac-7_prm_5 }} ; notify system administrator; take other {{ insert: param, ac-7_prm_6 }} when the maximum number of unsuccessful attempts is exceeded. -## Control Control Guidance +## Control Guidance The need to limit unsuccessful logon attempts and take subsequent action when the maximum number of attempts is exceeded applies regardless of whether the logon occurs via a local or network connection. Due to the potential for denial of service, automatic lockouts initiated by systems are usually temporary and automatically release after a predetermined, organization-defined time period. If a delay algorithm is selected, organizations may employ different algorithms for different components of the system based on the capabilities of those components. Responses to unsuccessful logon attempts may be implemented at the operating system and the application levels. Organization-defined actions that may be taken when the number of allowed consecutive invalid logon attempts is exceeded include prompting the user to answer a secret question in addition to the username and password, invoking a lockdown mode with limited user capabilities (instead of full lockout), allowing users to only logon from specified Internet Protocol (IP) addresses, requiring a CAPTCHA to prevent automated attacks, or applying user profiles such as location, time of day, IP address, device, or Media Access Control (MAC) address. If automatic system lockout or execution of a delay algorithm is not implemented in support of the availability objective, organizations consider a combination of other actions to help prevent brute force attacks. In addition to the above, organizations can prompt users to respond to a secret question before the number of allowed unsuccessful logon attempts is exceeded. Automatically unlocking an account after a specified period of time is generally not permitted. However, exceptions may be required based on operational mission or need. diff --git a/ssp_author_demo/test_system/ac/ac-8.md b/ssp_author_demo/test_system/ac/ac-8.md index 74aff27..07ece52 100644 --- a/ssp_author_demo/test_system/ac/ac-8.md +++ b/ssp_author_demo/test_system/ac/ac-8.md @@ -1,7 +1,7 @@ --- sort-id: ac-08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ac-8 - \[Access Control\] System Use Notification @@ -23,7 +23,7 @@ x-trestle-sections: - \[2.\] Display references, if any, to monitoring, recording, or auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities; and - \[3.\] Include a description of the authorized uses of the system. -## Control Control Guidance +## Control Guidance System use notifications can be implemented using messages or warning banners displayed before individuals log in to systems. System use notifications are used only for access via logon interfaces with human users. Notifications are not required when human interfaces do not exist. Based on an assessment of risk, organizations consider whether or not a secondary system use notification is needed to access applications or other system resources after the initial network logon. Organizations consider system use notification messages or banners displayed in multiple languages based on organizational needs and the demographics of system users. Organizations consult with the privacy office for input regarding privacy messaging and the Office of the General Counsel or organizational equivalent for legal review and approval of warning banner content. diff --git a/ssp_author_demo/test_system/at/at-1.md b/ssp_author_demo/test_system/at/at-1.md index 47afb64..de9388b 100644 --- a/ssp_author_demo/test_system/at/at-1.md +++ b/ssp_author_demo/test_system/at/at-1.md @@ -1,7 +1,7 @@ --- sort-id: at-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # at-1 - \[Awareness and Training\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Awareness and training policy and procedures address the controls in the AT family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of awareness and training policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to awareness and training policy and procedures include assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/at/at-2.2.md b/ssp_author_demo/test_system/at/at-2.2.md index 9c168d3..3f21df1 100644 --- a/ssp_author_demo/test_system/at/at-2.2.md +++ b/ssp_author_demo/test_system/at/at-2.2.md @@ -1,7 +1,7 @@ --- sort-id: at-02.02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # at-2.2 - \[Awareness and Training\] Insider Threat @@ -10,7 +10,7 @@ x-trestle-sections: Provide literacy training on recognizing and reporting potential indicators of insider threat. -## Control Control Guidance +## Control Guidance Potential indicators and possible precursors of insider threat can include behaviors such as inordinate, long-term job dissatisfaction; attempts to gain access to information not required for job performance; unexplained access to financial resources; bullying or harassment of fellow employees; workplace violence; and other serious violations of policies, procedures, directives, regulations, rules, or practices. Literacy training includes how to communicate the concerns of employees and management regarding potential indicators of insider threat through channels established by the organization and in accordance with established policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role. For example, training for managers may be focused on changes in the behavior of team members, while training for employees may be focused on more general observations. diff --git a/ssp_author_demo/test_system/at/at-2.md b/ssp_author_demo/test_system/at/at-2.md index d727d7f..c966b64 100644 --- a/ssp_author_demo/test_system/at/at-2.md +++ b/ssp_author_demo/test_system/at/at-2.md @@ -1,7 +1,7 @@ --- sort-id: at-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # at-2 - \[Awareness and Training\] Literacy Training and Awareness @@ -19,7 +19,7 @@ x-trestle-sections: - \[d.\] Incorporate lessons learned from internal or external security incidents or breaches into literacy training and awareness techniques. -## Control Control Guidance +## Control Guidance Organizations provide basic and advanced levels of literacy training to system users, including measures to test the knowledge level of users. Organizations determine the content of literacy training and awareness based on specific organizational requirements, the systems to which personnel have authorized access, and work environments (e.g., telework). The content includes an understanding of the need for security and privacy as well as actions by users to maintain security and personal privacy and to respond to suspected incidents. The content addresses the need for operations security and the handling of personally identifiable information. diff --git a/ssp_author_demo/test_system/at/at-3.md b/ssp_author_demo/test_system/at/at-3.md index 2e676de..626c926 100644 --- a/ssp_author_demo/test_system/at/at-3.md +++ b/ssp_author_demo/test_system/at/at-3.md @@ -1,7 +1,7 @@ --- sort-id: at-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # at-3 - \[Awareness and Training\] Role-based Training @@ -17,7 +17,7 @@ x-trestle-sections: - \[c.\] Incorporate lessons learned from internal or external security incidents or breaches into role-based training. -## Control Control Guidance +## Control Guidance Organizations determine the content of training based on the assigned roles and responsibilities of individuals as well as the security and privacy requirements of organizations and the systems to which personnel have authorized access, including technical training specifically tailored for assigned duties. Roles that may require role-based training include senior leaders or management officials (e.g., head of agency/chief executive officer, chief information officer, senior accountable official for risk management, senior agency information security officer, senior agency official for privacy), system owners; authorizing officials; system security officers; privacy officers; acquisition and procurement officials; enterprise architects; systems engineers; software developers; systems security engineers; privacy engineers; system, network, and database administrators; auditors; personnel conducting configuration management activities; personnel performing verification and validation activities; personnel with access to system-level software; control assessors; personnel with contingency planning and incident response duties; personnel with privacy management responsibilities; and personnel with access to personally identifiable information. diff --git a/ssp_author_demo/test_system/at/at-4.md b/ssp_author_demo/test_system/at/at-4.md index 69a59c6..5f7068b 100644 --- a/ssp_author_demo/test_system/at/at-4.md +++ b/ssp_author_demo/test_system/at/at-4.md @@ -1,7 +1,7 @@ --- sort-id: at-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # at-4 - \[Awareness and Training\] Training Records @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Retain individual training records for organization-defined time period. -## Control Control Guidance +## Control Guidance Documentation for specialized training may be maintained by individual supervisors at the discretion of the organization. The National Archives and Records Administration provides guidance on records retention for federal agencies. diff --git a/ssp_author_demo/test_system/au/au-1.md b/ssp_author_demo/test_system/au/au-1.md index 5bad678..63a6a6c 100644 --- a/ssp_author_demo/test_system/au/au-1.md +++ b/ssp_author_demo/test_system/au/au-1.md @@ -1,7 +1,7 @@ --- sort-id: au-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-1 - \[Audit and Accountability\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Audit and accountability policy and procedures address the controls in the AU family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of audit and accountability policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to audit and accountability policy and procedures include assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/au/au-11.md b/ssp_author_demo/test_system/au/au-11.md index 4dfddaf..e47202c 100644 --- a/ssp_author_demo/test_system/au/au-11.md +++ b/ssp_author_demo/test_system/au/au-11.md @@ -1,7 +1,7 @@ --- sort-id: au-11 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-11 - \[Audit and Accountability\] Audit Record Retention @@ -10,7 +10,7 @@ x-trestle-sections: Retain audit records for organization-defined time period consistent with records retention policy to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements. -## Control Control Guidance +## Control Guidance Organizations retain audit records until it is determined that the records are no longer needed for administrative, legal, audit, or other operational purposes. This includes the retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on records retention. diff --git a/ssp_author_demo/test_system/au/au-12.md b/ssp_author_demo/test_system/au/au-12.md index 5eb54cc..dcbc41c 100644 --- a/ssp_author_demo/test_system/au/au-12.md +++ b/ssp_author_demo/test_system/au/au-12.md @@ -1,7 +1,7 @@ --- sort-id: au-12 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-12 - \[Audit and Accountability\] Audit Record Generation @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) that include the audit record content defined in [AU-3](#au-3). -## Control Control Guidance +## Control Guidance Audit records can be generated from many different system components. The event types specified in [AU-2d](#au-2_smt.d) are the event types for which audit logs are to be generated and are a subset of all event types for which the system can generate audit records. diff --git a/ssp_author_demo/test_system/au/au-2.md b/ssp_author_demo/test_system/au/au-2.md index 8ea9d43..a7078be 100644 --- a/ssp_author_demo/test_system/au/au-2.md +++ b/ssp_author_demo/test_system/au/au-2.md @@ -1,7 +1,7 @@ --- sort-id: au-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-2 - \[Audit and Accountability\] Event Logging @@ -18,7 +18,7 @@ x-trestle-sections: - \[e.\] Review and update the event types selected for logging organization-defined frequency. -## Control Control Guidance +## Control Guidance An event is an observable occurrence in a system. The types of events that require logging are those events that are significant and relevant to the security of systems and the privacy of individuals. Event logging also supports specific monitoring and auditing needs. Event types include password changes, failed logons or failed accesses related to systems, security or privacy attribute changes, administrative privilege usage, PIV credential usage, data action changes, query parameters, or external credential usage. In determining the set of event types that require logging, organizations consider the monitoring and auditing appropriate for each of the controls to be implemented. For completeness, event logging includes all protocols that are operational and supported by the system. diff --git a/ssp_author_demo/test_system/au/au-3.md b/ssp_author_demo/test_system/au/au-3.md index 448e1fb..7881ac5 100644 --- a/ssp_author_demo/test_system/au/au-3.md +++ b/ssp_author_demo/test_system/au/au-3.md @@ -1,7 +1,7 @@ --- sort-id: au-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-3 - \[Audit and Accountability\] Content of Audit Records @@ -22,7 +22,7 @@ Ensure that audit records contain information that establishes the following: - \[f.\] Identity of any individuals, subjects, or objects/entities associated with the event. -## Control Control Guidance +## Control Guidance Audit record content that may be necessary to support the auditing function includes event descriptions (item a), time stamps (item b), source and destination addresses (item c), user or process identifiers (items d and f), success or fail indications (item e), and filenames involved (items a, c, e, and f) . Event outcomes include indicators of event success or failure and event-specific results, such as the system security and privacy posture after the event occurred. Organizations consider how audit records can reveal information about individuals that may give rise to privacy risks and how best to mitigate such risks. For example, there is the potential to reveal personally identifiable information in the audit trail, especially if the trail records inputs or is based on patterns or time of usage. diff --git a/ssp_author_demo/test_system/au/au-4.md b/ssp_author_demo/test_system/au/au-4.md index 1fde1e9..192de5f 100644 --- a/ssp_author_demo/test_system/au/au-4.md +++ b/ssp_author_demo/test_system/au/au-4.md @@ -1,7 +1,7 @@ --- sort-id: au-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-4 - \[Audit and Accountability\] Audit Log Storage Capacity @@ -10,7 +10,7 @@ x-trestle-sections: Allocate audit log storage capacity to accommodate organization-defined audit log retention requirements. -## Control Control Guidance +## Control Guidance Organizations consider the types of audit logging to be performed and the audit log processing requirements when allocating audit log storage capacity. Allocating sufficient audit log storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of audit logging capability. diff --git a/ssp_author_demo/test_system/au/au-5.md b/ssp_author_demo/test_system/au/au-5.md index 441e4d3..c7f8f1e 100644 --- a/ssp_author_demo/test_system/au/au-5.md +++ b/ssp_author_demo/test_system/au/au-5.md @@ -1,7 +1,7 @@ --- sort-id: au-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-5 - \[Audit and Accountability\] Response to Audit Logging Process Failures @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Take the following additional actions: organization-defined additional actions. -## Control Control Guidance +## Control Guidance Audit logging process failures include software and hardware errors, failures in audit log capturing mechanisms, and reaching or exceeding audit log storage capacity. Organization-defined actions include overwriting oldest audit records, shutting down the system, and stopping the generation of audit records. Organizations may choose to define additional actions for audit logging process failures based on the type of failure, the location of the failure, the severity of the failure, or a combination of such factors. When the audit logging process failure is related to storage, the response is carried out for the audit log storage repository (i.e., the distinct system component where the audit logs are stored), the system on which the audit logs reside, the total audit log storage capacity of the organization (i.e., all audit log storage repositories combined), or all three. Organizations may decide to take no additional actions after alerting designated roles or personnel. diff --git a/ssp_author_demo/test_system/au/au-6.md b/ssp_author_demo/test_system/au/au-6.md index db0da73..461e1df 100644 --- a/ssp_author_demo/test_system/au/au-6.md +++ b/ssp_author_demo/test_system/au/au-6.md @@ -1,7 +1,7 @@ --- sort-id: au-06 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-6 - \[Audit and Accountability\] Audit Record Review, Analysis, and Reporting @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information. -## Control Control Guidance +## Control Guidance Audit record review, analysis, and reporting covers information security- and privacy-related logging performed by organizations, including logging that results from the monitoring of account usage, remote access, wireless connectivity, mobile device connection, configuration settings, system component inventory, use of maintenance tools and non-local maintenance, physical access, temperature and humidity, equipment delivery and removal, communications at system interfaces, and use of mobile code or Voice over Internet Protocol (VoIP). Findings can be reported to organizational entities that include the incident response team, help desk, and security or privacy offices. If organizations are prohibited from reviewing and analyzing audit records or unable to conduct such activities, the review or analysis may be carried out by other organizations granted such authority. The frequency, scope, and/or depth of the audit record review, analysis, and reporting may be adjusted to meet organizational needs based on new information received. diff --git a/ssp_author_demo/test_system/au/au-8.md b/ssp_author_demo/test_system/au/au-8.md index 9786bcb..eef0a43 100644 --- a/ssp_author_demo/test_system/au/au-8.md +++ b/ssp_author_demo/test_system/au/au-8.md @@ -1,7 +1,7 @@ --- sort-id: au-08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-8 - \[Audit and Accountability\] Time Stamps @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Record time stamps for audit records that meet organization-defined granularity of time measurement and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp. -## Control Control Guidance +## Control Guidance Time stamps generated by the system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks (e.g., clocks synchronizing within hundreds of milliseconds or tens of milliseconds). Organizations may define different time granularities for different system components. Time service can be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. diff --git a/ssp_author_demo/test_system/au/au-9.md b/ssp_author_demo/test_system/au/au-9.md index 54d5bbd..6244174 100644 --- a/ssp_author_demo/test_system/au/au-9.md +++ b/ssp_author_demo/test_system/au/au-9.md @@ -1,7 +1,7 @@ --- sort-id: au-09 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # au-9 - \[Audit and Accountability\] Protection of Audit Information @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information. -## Control Control Guidance +## Control Guidance Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit logging tools are those programs and devices used to conduct system audit and logging activities. Protection of audit information focuses on technical protection and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by both media protection controls and physical and environmental protection controls. diff --git a/ssp_author_demo/test_system/ca/ca-1.md b/ssp_author_demo/test_system/ca/ca-1.md index 016d5be..8b037f1 100644 --- a/ssp_author_demo/test_system/ca/ca-1.md +++ b/ssp_author_demo/test_system/ca/ca-1.md @@ -1,7 +1,7 @@ --- sort-id: ca-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ca-1 - \[Assessment, Authorization, and Monitoring\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Assessment, authorization, and monitoring policy and procedures address the controls in the CA family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of assessment, authorization, and monitoring policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to assessment, authorization, and monitoring policy and procedures include assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/ca/ca-2.md b/ssp_author_demo/test_system/ca/ca-2.md index fbe4a02..7ccaa99 100644 --- a/ssp_author_demo/test_system/ca/ca-2.md +++ b/ssp_author_demo/test_system/ca/ca-2.md @@ -1,7 +1,7 @@ --- sort-id: ca-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ca-2 - \[Assessment, Authorization, and Monitoring\] Control Assessments @@ -24,7 +24,7 @@ x-trestle-sections: - \[f.\] Provide the results of the control assessment to organization-defined individuals or roles. -## Control Control Guidance +## Control Guidance Organizations ensure that control assessors possess the required skills and technical expertise to develop effective assessment plans and to conduct assessments of system-specific, hybrid, common, and program management controls, as appropriate. The required skills include general knowledge of risk management concepts and approaches as well as comprehensive knowledge of and experience with the hardware, software, and firmware system components implemented. diff --git a/ssp_author_demo/test_system/ca/ca-3.md b/ssp_author_demo/test_system/ca/ca-3.md index 3948b38..516f16e 100644 --- a/ssp_author_demo/test_system/ca/ca-3.md +++ b/ssp_author_demo/test_system/ca/ca-3.md @@ -1,7 +1,7 @@ --- sort-id: ca-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ca-3 - \[Assessment, Authorization, and Monitoring\] Information Exchange @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Review and update the agreements organization-defined frequency. -## Control Control Guidance +## Control Guidance System information exchange requirements apply to information exchanges between two or more systems. System information exchanges include connections via leased lines or virtual private networks, connections to internet service providers, database sharing or exchanges of database transaction information, connections and exchanges with cloud services, exchanges via web-based services, or exchanges of files via file transfer protocols, network protocols (e.g., IPv4, IPv6), email, or other organization-to-organization communications. Organizations consider the risk related to new or increased threats that may be introduced when systems exchange information with other systems that may have different security and privacy requirements and controls. This includes systems within the same organization and systems that are external to the organization. A joint authorization of the systems exchanging information, as described in [CA-6(1)](#ca-6.1) or [CA-6(2)](#ca-6.2), may help to communicate and reduce risk. diff --git a/ssp_author_demo/test_system/ca/ca-5.md b/ssp_author_demo/test_system/ca/ca-5.md index 3e1f15e..4c52af1 100644 --- a/ssp_author_demo/test_system/ca/ca-5.md +++ b/ssp_author_demo/test_system/ca/ca-5.md @@ -1,7 +1,7 @@ --- sort-id: ca-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ca-5 - \[Assessment, Authorization, and Monitoring\] Plan of Action and Milestones @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Update existing plan of action and milestones organization-defined frequency based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities. -## Control Control Guidance +## Control Guidance Plans of action and milestones are useful for any type of organization to track planned remedial actions. Plans of action and milestones are required in authorization packages and subject to federal reporting requirements established by OMB. diff --git a/ssp_author_demo/test_system/ca/ca-6.md b/ssp_author_demo/test_system/ca/ca-6.md index d347eb2..6348128 100644 --- a/ssp_author_demo/test_system/ca/ca-6.md +++ b/ssp_author_demo/test_system/ca/ca-6.md @@ -1,7 +1,7 @@ --- sort-id: ca-06 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ca-6 - \[Assessment, Authorization, and Monitoring\] Authorization @@ -21,7 +21,7 @@ x-trestle-sections: - \[e.\] Update the authorizations organization-defined frequency. -## Control Control Guidance +## Control Guidance Authorizations are official management decisions by senior officials to authorize operation of systems, authorize the use of common controls for inheritance by organizational systems, and explicitly accept the risk to organizational operations and assets, individuals, other organizations, and the Nation based on the implementation of agreed-upon controls. Authorizing officials provide budgetary oversight for organizational systems and common controls or assume responsibility for the mission and business functions supported by those systems or common controls. The authorization process is a federal responsibility, and therefore, authorizing officials must be federal employees. Authorizing officials are both responsible and accountable for security and privacy risks associated with the operation and use of organizational systems. Nonfederal organizations may have similar processes to authorize systems and senior officials that assume the authorization role and associated responsibilities. diff --git a/ssp_author_demo/test_system/ca/ca-7.4.md b/ssp_author_demo/test_system/ca/ca-7.4.md index 82d8595..24570ff 100644 --- a/ssp_author_demo/test_system/ca/ca-7.4.md +++ b/ssp_author_demo/test_system/ca/ca-7.4.md @@ -1,7 +1,7 @@ --- sort-id: ca-07.04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ca-7.4 - \[Assessment, Authorization, and Monitoring\] Risk Monitoring @@ -16,7 +16,7 @@ Ensure risk monitoring is an integral part of the continuous monitoring strategy - \[(c)\] Change monitoring. -## Control Control Guidance +## Control Guidance Risk monitoring is informed by the established organizational risk tolerance. Effectiveness monitoring determines the ongoing effectiveness of the implemented risk response measures. Compliance monitoring verifies that required risk response measures are implemented. It also verifies that security and privacy requirements are satisfied. Change monitoring identifies changes to organizational systems and environments of operation that may affect security and privacy risk. diff --git a/ssp_author_demo/test_system/ca/ca-7.md b/ssp_author_demo/test_system/ca/ca-7.md index 0e77873..67ec783 100644 --- a/ssp_author_demo/test_system/ca/ca-7.md +++ b/ssp_author_demo/test_system/ca/ca-7.md @@ -1,7 +1,7 @@ --- sort-id: ca-07 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ca-7 - \[Assessment, Authorization, and Monitoring\] Continuous Monitoring @@ -24,7 +24,7 @@ Develop a system-level continuous monitoring strategy and implement continuous m - \[g.\] Reporting the security and privacy status of the system to organization-defined personnel or roles organization-defined frequency. -## Control Control Guidance +## Control Guidance Continuous monitoring at the system level facilitates ongoing awareness of the system security and privacy posture to support organizational risk management decisions. The terms "continuous" and "ongoing" imply that organizations assess and monitor their controls and risks at a frequency sufficient to support risk-based decisions. Different types of controls may require different monitoring frequencies. The results of continuous monitoring generate risk response actions by organizations. When monitoring the effectiveness of multiple controls that have been grouped into capabilities, a root-cause analysis may be needed to determine the specific control that has failed. Continuous monitoring programs allow organizations to maintain the authorizations of systems and common controls in highly dynamic environments of operation with changing mission and business needs, threats, vulnerabilities, and technologies. Having access to security and privacy information on a continuing basis through reports and dashboards gives organizational officials the ability to make effective and timely risk management decisions, including ongoing authorization decisions. diff --git a/ssp_author_demo/test_system/ca/ca-9.md b/ssp_author_demo/test_system/ca/ca-9.md index 42a11ca..aebb503 100644 --- a/ssp_author_demo/test_system/ca/ca-9.md +++ b/ssp_author_demo/test_system/ca/ca-9.md @@ -1,7 +1,7 @@ --- sort-id: ca-09 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ca-9 - \[Assessment, Authorization, and Monitoring\] Internal System Connections @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Review organization-defined frequency the continued need for each internal connection. -## Control Control Guidance +## Control Guidance Internal system connections are connections between organizational systems and separate constituent system components (i.e., connections between components that are part of the same system) including components used for system development. Intra-system connections include connections with mobile devices, notebook and desktop computers, tablets, printers, copiers, facsimile machines, scanners, sensors, and servers. Instead of authorizing each internal system connection individually, organizations can authorize internal connections for a class of system components with common characteristics and/or configurations, including printers, scanners, and copiers with a specified processing, transmission, and storage capability or smart phones and tablets with a specific baseline configuration. The continued need for an internal system connection is reviewed from the perspective of whether it provides support for organizational missions or business functions. diff --git a/ssp_author_demo/test_system/cm/cm-1.md b/ssp_author_demo/test_system/cm/cm-1.md index e916abb..cadeef8 100644 --- a/ssp_author_demo/test_system/cm/cm-1.md +++ b/ssp_author_demo/test_system/cm/cm-1.md @@ -1,7 +1,7 @@ --- sort-id: cm-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cm-1 - \[Configuration Management\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Configuration management policy and procedures address the controls in the CM family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of configuration management policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission/business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to configuration management policy and procedures include, but are not limited to, assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/cm/cm-10.md b/ssp_author_demo/test_system/cm/cm-10.md index dac7ea9..1395bda 100644 --- a/ssp_author_demo/test_system/cm/cm-10.md +++ b/ssp_author_demo/test_system/cm/cm-10.md @@ -1,7 +1,7 @@ --- sort-id: cm-10 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cm-10 - \[Configuration Management\] Software Usage Restrictions @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. -## Control Control Guidance +## Control Guidance Software license tracking can be accomplished by manual or automated methods, depending on organizational needs. Examples of contract agreements include software license agreements and non-disclosure agreements. diff --git a/ssp_author_demo/test_system/cm/cm-11.md b/ssp_author_demo/test_system/cm/cm-11.md index 2483039..0596612 100644 --- a/ssp_author_demo/test_system/cm/cm-11.md +++ b/ssp_author_demo/test_system/cm/cm-11.md @@ -1,7 +1,7 @@ --- sort-id: cm-11 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cm-11 - \[Configuration Management\] User-installed Software @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Monitor policy compliance organization-defined frequency. -## Control Control Guidance +## Control Guidance If provided the necessary privileges, users can install software in organizational systems. To maintain control over the software installed, organizations identify permitted and prohibited actions regarding software installation. Permitted software installations include updates and security patches to existing software and downloading new applications from organization-approved "app stores." Prohibited software installations include software with unknown or suspect pedigrees or software that organizations consider potentially malicious. Policies selected for governing user-installed software are organization-developed or provided by some external entity. Policy enforcement methods can include procedural methods and automated methods. diff --git a/ssp_author_demo/test_system/cm/cm-2.md b/ssp_author_demo/test_system/cm/cm-2.md index 5b437de..c829e61 100644 --- a/ssp_author_demo/test_system/cm/cm-2.md +++ b/ssp_author_demo/test_system/cm/cm-2.md @@ -1,7 +1,7 @@ --- sort-id: cm-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cm-2 - \[Configuration Management\] Baseline Configuration @@ -16,7 +16,7 @@ x-trestle-sections: - \[2.\] When required due to organization-defined circumstances; and - \[3.\] When system components are installed or upgraded. -## Control Control Guidance +## Control Guidance Baseline configurations for systems and system components include connectivity, operational, and communications aspects of systems. Baseline configurations are documented, formally reviewed, and agreed-upon specifications for systems or configuration items within those systems. Baseline configurations serve as a basis for future builds, releases, or changes to systems and include security and privacy control implementations, operational procedures, information about system components, network topology, and logical placement of components in the system architecture. Maintaining baseline configurations requires creating new baselines as organizational systems change over time. Baseline configurations of systems reflect the current enterprise architecture. diff --git a/ssp_author_demo/test_system/cm/cm-4.md b/ssp_author_demo/test_system/cm/cm-4.md index 96ec5cb..af2fb26 100644 --- a/ssp_author_demo/test_system/cm/cm-4.md +++ b/ssp_author_demo/test_system/cm/cm-4.md @@ -1,7 +1,7 @@ --- sort-id: cm-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cm-4 - \[Configuration Management\] Impact Analyses @@ -10,7 +10,7 @@ x-trestle-sections: Analyze changes to the system to determine potential security and privacy impacts prior to change implementation. -## Control Control Guidance +## Control Guidance Organizational personnel with security or privacy responsibilities conduct impact analyses. Individuals conducting impact analyses possess the necessary skills and technical expertise to analyze the changes to systems as well as the security or privacy ramifications. Impact analyses include reviewing security and privacy plans, policies, and procedures to understand control requirements; reviewing system design documentation and operational procedures to understand control implementation and how specific system changes might affect the controls; reviewing the impact of changes on organizational supply chain partners with stakeholders; and determining how potential changes to a system create new risks to the privacy of individuals and the ability of implemented controls to mitigate those risks. Impact analyses also include risk assessments to understand the impact of the changes and determine if additional controls are required. diff --git a/ssp_author_demo/test_system/cm/cm-5.md b/ssp_author_demo/test_system/cm/cm-5.md index 48a4848..bac9bc2 100644 --- a/ssp_author_demo/test_system/cm/cm-5.md +++ b/ssp_author_demo/test_system/cm/cm-5.md @@ -1,7 +1,7 @@ --- sort-id: cm-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cm-5 - \[Configuration Management\] Access Restrictions for Change @@ -10,7 +10,7 @@ x-trestle-sections: Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. -## Control Control Guidance +## Control Guidance Changes to the hardware, software, or firmware components of systems or the operational procedures related to the system can potentially have significant effects on the security of the systems or individuals’ privacy. Therefore, organizations permit only qualified and authorized individuals to access systems for purposes of initiating changes. Access restrictions include physical and logical access controls (see [AC-3](#ac-3) and [PE-3](#pe-3)), software libraries, workflow automation, media libraries, abstract layers (i.e., changes implemented into external interfaces rather than directly into systems), and change windows (i.e., changes occur only during specified times). diff --git a/ssp_author_demo/test_system/cm/cm-6.md b/ssp_author_demo/test_system/cm/cm-6.md index d734616..2f0bcaf 100644 --- a/ssp_author_demo/test_system/cm/cm-6.md +++ b/ssp_author_demo/test_system/cm/cm-6.md @@ -1,7 +1,7 @@ --- sort-id: cm-06 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cm-6 - \[Configuration Management\] Configuration Settings @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Monitor and control changes to the configuration settings in accordance with organizational policies and procedures. -## Control Control Guidance +## Control Guidance Configuration settings are the parameters that can be changed in the hardware, software, or firmware components of the system that affect the security and privacy posture or functionality of the system. Information technology products for which configuration settings can be defined include mainframe computers, servers, workstations, operating systems, mobile devices, input/output devices, protocols, and applications. Parameters that impact the security posture of systems include registry settings; account, file, or directory permission settings; and settings for functions, protocols, ports, services, and remote connections. Privacy parameters are parameters impacting the privacy posture of systems, including the parameters required to satisfy other privacy controls. Privacy parameters include settings for access controls, data processing preferences, and processing and retention permissions. Organizations establish organization-wide configuration settings and subsequently derive specific configuration settings for systems. The established settings become part of the configuration baseline for the system. diff --git a/ssp_author_demo/test_system/cm/cm-7.md b/ssp_author_demo/test_system/cm/cm-7.md index 19eb1ad..a5f2a36 100644 --- a/ssp_author_demo/test_system/cm/cm-7.md +++ b/ssp_author_demo/test_system/cm/cm-7.md @@ -1,7 +1,7 @@ --- sort-id: cm-07 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cm-7 - \[Configuration Management\] Least Functionality @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services. -## Control Control Guidance +## Control Guidance Systems provide a wide variety of functions and services. Some of the functions and services routinely provided by default may not be necessary to support essential organizational missions, functions, or operations. Additionally, it is sometimes convenient to provide multiple services from a single system component, but doing so increases risk over limiting the services provided by that single component. Where feasible, organizations limit component functionality to a single function per component. Organizations consider removing unused or unnecessary software and disabling unused or unnecessary physical and logical ports and protocols to prevent unauthorized connection of components, transfer of information, and tunneling. Organizations employ network scanning tools, intrusion detection and prevention systems, and end-point protection technologies, such as firewalls and host-based intrusion detection systems, to identify and prevent the use of prohibited functions, protocols, ports, and services. Least functionality can also be achieved as part of the fundamental design and development of the system (see [SA-8](#sa-8), [SC-2](#sc-2), and [SC-3](#sc-3)). diff --git a/ssp_author_demo/test_system/cm/cm-8.md b/ssp_author_demo/test_system/cm/cm-8.md index d4b286f..9544aa9 100644 --- a/ssp_author_demo/test_system/cm/cm-8.md +++ b/ssp_author_demo/test_system/cm/cm-8.md @@ -1,7 +1,7 @@ --- sort-id: cm-08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cm-8 - \[Configuration Management\] System Component Inventory @@ -18,7 +18,7 @@ x-trestle-sections: - \[b.\] Review and update the system component inventory organization-defined frequency. -## Control Control Guidance +## Control Guidance System components are discrete, identifiable information technology assets that include hardware, software, and firmware. Organizations may choose to implement centralized system component inventories that include components from all organizational systems. In such situations, organizations ensure that the inventories include system-specific information required for component accountability. The information necessary for effective accountability of system components includes the system name, software owners, software version numbers, hardware inventory specifications, software license information, and for networked components, the machine names and network addresses across all implemented protocols (e.g., IPv4, IPv6). Inventory specifications include date of receipt, cost, model, serial number, manufacturer, supplier information, component type, and physical location. diff --git a/ssp_author_demo/test_system/cp/cp-1.md b/ssp_author_demo/test_system/cp/cp-1.md index 3e0a055..505e073 100644 --- a/ssp_author_demo/test_system/cp/cp-1.md +++ b/ssp_author_demo/test_system/cp/cp-1.md @@ -1,7 +1,7 @@ --- sort-id: cp-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cp-1 - \[Contingency Planning\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Contingency planning policy and procedures address the controls in the CP family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of contingency planning policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to contingency planning policy and procedures include assessment or audit findings, security incidents or breaches, or changes in laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/cp/cp-10.md b/ssp_author_demo/test_system/cp/cp-10.md index c19edc9..524cdce 100644 --- a/ssp_author_demo/test_system/cp/cp-10.md +++ b/ssp_author_demo/test_system/cp/cp-10.md @@ -1,7 +1,7 @@ --- sort-id: cp-10 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cp-10 - \[Contingency Planning\] System Recovery and Reconstitution @@ -10,7 +10,7 @@ x-trestle-sections: Provide for the recovery and reconstitution of the system to a known state within organization-defined time period consistent with recovery time and recovery point objectives after a disruption, compromise, or failure. -## Control Control Guidance +## Control Guidance Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning. diff --git a/ssp_author_demo/test_system/cp/cp-2.md b/ssp_author_demo/test_system/cp/cp-2.md index a88d7b1..90ac759 100644 --- a/ssp_author_demo/test_system/cp/cp-2.md +++ b/ssp_author_demo/test_system/cp/cp-2.md @@ -1,7 +1,7 @@ --- sort-id: cp-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cp-2 - \[Contingency Planning\] Contingency Plan @@ -32,7 +32,7 @@ x-trestle-sections: - \[h.\] Protect the contingency plan from unauthorized disclosure and modification. -## Control Control Guidance +## Control Guidance Contingency planning for systems is part of an overall program for achieving continuity of operations for organizational mission and business functions. Contingency planning addresses system restoration and implementation of alternative mission or business processes when systems are compromised or breached. Contingency planning is considered throughout the system development life cycle and is a fundamental part of the system design. Systems can be designed for redundancy, to provide backup capabilities, and for resilience. Contingency plans reflect the degree of restoration required for organizational systems since not all systems need to fully recover to achieve the level of continuity of operations desired. System recovery objectives reflect applicable laws, executive orders, directives, regulations, policies, standards, guidelines, organizational risk tolerance, and system impact level. diff --git a/ssp_author_demo/test_system/cp/cp-3.md b/ssp_author_demo/test_system/cp/cp-3.md index 50b0018..6d62a75 100644 --- a/ssp_author_demo/test_system/cp/cp-3.md +++ b/ssp_author_demo/test_system/cp/cp-3.md @@ -1,7 +1,7 @@ --- sort-id: cp-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cp-3 - \[Contingency Planning\] Contingency Training @@ -16,7 +16,7 @@ x-trestle-sections: - \[b.\] Review and update contingency training content organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Contingency training provided by organizations is linked to the assigned roles and responsibilities of organizational personnel to ensure that the appropriate content and level of detail is included in such training. For example, some individuals may only need to know when and where to report for duty during contingency operations and if normal duties are affected; system administrators may require additional training on how to establish systems at alternate processing and storage sites; and organizational officials may receive more specific training on how to conduct mission-essential functions in designated off-site locations and how to establish communications with other governmental entities for purposes of coordination on contingency-related activities. Training for contingency roles or responsibilities reflects the specific continuity requirements in the contingency plan. Events that may precipitate an update to contingency training content include, but are not limited to, contingency plan testing or an actual contingency (lessons learned), assessment or audit findings, security incidents or breaches, or changes in laws, executive orders, directives, regulations, policies, standards, and guidelines. At the discretion of the organization, participation in a contingency plan test or exercise, including lessons learned sessions subsequent to the test or exercise, may satisfy contingency plan training requirements. diff --git a/ssp_author_demo/test_system/cp/cp-4.md b/ssp_author_demo/test_system/cp/cp-4.md index a7e8e99..382dcc7 100644 --- a/ssp_author_demo/test_system/cp/cp-4.md +++ b/ssp_author_demo/test_system/cp/cp-4.md @@ -1,7 +1,7 @@ --- sort-id: cp-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cp-4 - \[Contingency Planning\] Contingency Plan Testing @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Initiate corrective actions, if needed. -## Control Control Guidance +## Control Guidance Methods for testing contingency plans to determine the effectiveness of the plans and identify potential weaknesses include checklists, walk-through and tabletop exercises, simulations (parallel or full interrupt), and comprehensive exercises. Organizations conduct testing based on the requirements in contingency plans and include a determination of the effects on organizational operations, assets, and individuals due to contingency operations. Organizations have flexibility and discretion in the breadth, depth, and timelines of corrective actions. diff --git a/ssp_author_demo/test_system/cp/cp-9.md b/ssp_author_demo/test_system/cp/cp-9.md index 02c7ecd..6b7c81d 100644 --- a/ssp_author_demo/test_system/cp/cp-9.md +++ b/ssp_author_demo/test_system/cp/cp-9.md @@ -1,7 +1,7 @@ --- sort-id: cp-09 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # cp-9 - \[Contingency Planning\] System Backup @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Protect the confidentiality, integrity, and availability of backup information. -## Control Control Guidance +## Control Guidance System-level information includes system state information, operating system software, middleware, application software, and licenses. User-level information includes information other than system-level information. Mechanisms employed to protect the integrity of system backups include digital signatures and cryptographic hashes. Protection of system backup information while in transit is addressed by [MP-5](#mp-5) and [SC-8](#sc-8). System backups reflect the requirements in contingency plans as well as other organizational requirements for backing up information. Organizations may be subject to laws, executive orders, directives, regulations, or policies with requirements regarding specific categories of information (e.g., personal health information). Organizational personnel consult with the senior agency official for privacy and legal counsel regarding such requirements. diff --git a/ssp_author_demo/test_system/ia/ia-1.md b/ssp_author_demo/test_system/ia/ia-1.md index d806aa5..f1e2382 100644 --- a/ssp_author_demo/test_system/ia/ia-1.md +++ b/ssp_author_demo/test_system/ia/ia-1.md @@ -1,7 +1,7 @@ --- sort-id: ia-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-1 - \[Identification and Authentication\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Identification and authentication policy and procedures address the controls in the IA family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of identification and authentication policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to identification and authentication policy and procedures include assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/ia/ia-11.md b/ssp_author_demo/test_system/ia/ia-11.md index daf9f12..57f3a77 100644 --- a/ssp_author_demo/test_system/ia/ia-11.md +++ b/ssp_author_demo/test_system/ia/ia-11.md @@ -1,7 +1,7 @@ --- sort-id: ia-11 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-11 - \[Identification and Authentication\] Re-authentication @@ -10,7 +10,7 @@ x-trestle-sections: Require users to re-authenticate when organization-defined circumstances or situations requiring re-authentication. -## Control Control Guidance +## Control Guidance In addition to the re-authentication requirements associated with device locks, organizations may require re-authentication of individuals in certain situations, including when roles, authenticators or credentials change, when security categories of systems change, when the execution of privileged functions occurs, after a fixed time period, or periodically. diff --git a/ssp_author_demo/test_system/ia/ia-2.1.md b/ssp_author_demo/test_system/ia/ia-2.1.md index c613cb6..7bf75b0 100644 --- a/ssp_author_demo/test_system/ia/ia-2.1.md +++ b/ssp_author_demo/test_system/ia/ia-2.1.md @@ -1,7 +1,7 @@ --- sort-id: ia-02.01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-2.1 - \[Identification and Authentication\] Multi-factor Authentication to Privileged Accounts @@ -10,7 +10,7 @@ x-trestle-sections: Implement multi-factor authentication for access to privileged accounts. -## Control Control Guidance +## Control Guidance Multi-factor authentication requires the use of two or more different factors to achieve authentication. The authentication factors are defined as follows: something you know (e.g., a personal identification number \[PIN\]), something you have (e.g., a physical authenticator such as a cryptographic private key), or something you are (e.g., a biometric). Multi-factor authentication solutions that feature physical authenticators include hardware authenticators that provide time-based or challenge-response outputs and smart cards such as the U.S. Government Personal Identity Verification (PIV) card or the Department of Defense (DoD) Common Access Card (CAC). In addition to authenticating users at the system level (i.e., at logon), organizations may employ authentication mechanisms at the application level, at their discretion, to provide increased security. Regardless of the type of access (i.e., local, network, remote), privileged accounts are authenticated using multi-factor options appropriate for the level of risk. Organizations can add additional security measures, such as additional or more rigorous authentication mechanisms, for specific types of access. diff --git a/ssp_author_demo/test_system/ia/ia-2.12.md b/ssp_author_demo/test_system/ia/ia-2.12.md index 32e07ef..489414e 100644 --- a/ssp_author_demo/test_system/ia/ia-2.12.md +++ b/ssp_author_demo/test_system/ia/ia-2.12.md @@ -1,7 +1,7 @@ --- sort-id: ia-02.12 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-2.12 - \[Identification and Authentication\] Acceptance of PIV Credentials @@ -10,7 +10,7 @@ x-trestle-sections: Accept and electronically verify Personal Identity Verification-compliant credentials. -## Control Control Guidance +## Control Guidance Acceptance of Personal Identity Verification (PIV)-compliant credentials applies to organizations implementing logical access control and physical access control systems. PIV-compliant credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. The adequacy and reliability of PIV card issuers are authorized using [SP 800-79-2](#10963761-58fc-4b20-b3d6-b44a54daba03). Acceptance of PIV-compliant credentials includes derived PIV credentials, the use of which is addressed in [SP 800-166](#e8552d48-cf41-40aa-8b06-f45f7fb4706c). The DOD Common Access Card (CAC) is an example of a PIV credential. diff --git a/ssp_author_demo/test_system/ia/ia-2.2.md b/ssp_author_demo/test_system/ia/ia-2.2.md index 5073b82..ff6657c 100644 --- a/ssp_author_demo/test_system/ia/ia-2.2.md +++ b/ssp_author_demo/test_system/ia/ia-2.2.md @@ -1,7 +1,7 @@ --- sort-id: ia-02.02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-2.2 - \[Identification and Authentication\] Multi-factor Authentication to Non-privileged Accounts @@ -10,7 +10,7 @@ x-trestle-sections: Implement multi-factor authentication for access to non-privileged accounts. -## Control Control Guidance +## Control Guidance Multi-factor authentication requires the use of two or more different factors to achieve authentication. The authentication factors are defined as follows: something you know (e.g., a personal identification number \[PIN\]), something you have (e.g., a physical authenticator such as a cryptographic private key), or something you are (e.g., a biometric). Multi-factor authentication solutions that feature physical authenticators include hardware authenticators that provide time-based or challenge-response outputs and smart cards such as the U.S. Government Personal Identity Verification card or the DoD Common Access Card. In addition to authenticating users at the system level, organizations may also employ authentication mechanisms at the application level, at their discretion, to provide increased information security. Regardless of the type of access (i.e., local, network, remote), non-privileged accounts are authenticated using multi-factor options appropriate for the level of risk. Organizations can provide additional security measures, such as additional or more rigorous authentication mechanisms, for specific types of access. diff --git a/ssp_author_demo/test_system/ia/ia-2.8.md b/ssp_author_demo/test_system/ia/ia-2.8.md index 2e6de55..8166d7a 100644 --- a/ssp_author_demo/test_system/ia/ia-2.8.md +++ b/ssp_author_demo/test_system/ia/ia-2.8.md @@ -1,7 +1,7 @@ --- sort-id: ia-02.08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-2.8 - \[Identification and Authentication\] Access to Accounts — Replay Resistant @@ -10,7 +10,7 @@ x-trestle-sections: Implement replay-resistant authentication mechanisms for access to privileged accounts; non-privileged accounts. -## Control Control Guidance +## Control Guidance Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or cryptographic authenticators. diff --git a/ssp_author_demo/test_system/ia/ia-2.md b/ssp_author_demo/test_system/ia/ia-2.md index 07f2aeb..c3fdb16 100644 --- a/ssp_author_demo/test_system/ia/ia-2.md +++ b/ssp_author_demo/test_system/ia/ia-2.md @@ -1,7 +1,7 @@ --- sort-id: ia-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-2 - \[Identification and Authentication\] Identification and Authentication (organizational Users) @@ -10,7 +10,7 @@ x-trestle-sections: Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users. -## Control Control Guidance +## Control Guidance Organizations can satisfy the identification and authentication requirements by complying with the requirements in [HSPD 12](#f16e438e-7114-4144-bfe2-2dfcad8cb2d0). Organizational users include employees or individuals who organizations consider to have an equivalent status to employees (e.g., contractors and guest researchers). Unique identification and authentication of users applies to all accesses other than those that are explicitly identified in [AC-14](#ac-14) and that occur through the authorized use of group authenticators without individual authentication. Since processes execute on behalf of groups and roles, organizations may require unique identification of individuals in group accounts or for detailed accountability of individual activity. diff --git a/ssp_author_demo/test_system/ia/ia-4.md b/ssp_author_demo/test_system/ia/ia-4.md index 9b8a3e7..b0a6f2d 100644 --- a/ssp_author_demo/test_system/ia/ia-4.md +++ b/ssp_author_demo/test_system/ia/ia-4.md @@ -1,7 +1,7 @@ --- sort-id: ia-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-4 - \[Identification and Authentication\] Identifier Management @@ -18,7 +18,7 @@ Manage system identifiers by: - \[d.\] Preventing reuse of identifiers for organization-defined time period. -## Control Control Guidance +## Control Guidance Common device identifiers include Media Access Control (MAC) addresses, Internet Protocol (IP) addresses, or device-unique token identifiers. The management of individual identifiers is not applicable to shared system accounts. Typically, individual identifiers are the usernames of the system accounts assigned to those individuals. In such instances, the account management activities of [AC-2](#ac-2) use account names provided by [IA-4](#ia-4). Identifier management also addresses individual identifiers not necessarily associated with system accounts. Preventing the reuse of identifiers implies preventing the assignment of previously used individual, group, role, service, or device identifiers to different individuals, groups, roles, services, or devices. diff --git a/ssp_author_demo/test_system/ia/ia-5.1.md b/ssp_author_demo/test_system/ia/ia-5.1.md index d59d949..c4b3c62 100644 --- a/ssp_author_demo/test_system/ia/ia-5.1.md +++ b/ssp_author_demo/test_system/ia/ia-5.1.md @@ -1,7 +1,7 @@ --- sort-id: ia-05.01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-5.1 - \[Identification and Authentication\] Password-based Authentication @@ -26,7 +26,7 @@ For password-based authentication: - \[(h)\] Enforce the following composition and complexity rules: organization-defined composition and complexity rules. -## Control Control Guidance +## Control Guidance Password-based authentication applies to passwords regardless of whether they are used in single-factor or multi-factor authentication. Long passwords or passphrases are preferable over shorter passwords. Enforced composition rules provide marginal security benefits while decreasing usability. However, organizations may choose to establish certain rules for password generation (e.g., minimum character length for long passwords) under certain circumstances and can enforce this requirement in IA-5(1)(h). Account recovery can occur, for example, in situations when a password is forgotten. Cryptographically protected passwords include salted one-way cryptographic hashes of passwords. The list of commonly used, compromised, or expected passwords includes passwords obtained from previous breach corpuses, dictionary words, and repetitive or sequential characters. The list includes context-specific words, such as the name of the service, username, and derivatives thereof. diff --git a/ssp_author_demo/test_system/ia/ia-5.md b/ssp_author_demo/test_system/ia/ia-5.md index 61e634c..b7397d3 100644 --- a/ssp_author_demo/test_system/ia/ia-5.md +++ b/ssp_author_demo/test_system/ia/ia-5.md @@ -1,7 +1,7 @@ --- sort-id: ia-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-5 - \[Identification and Authentication\] Authenticator Management @@ -28,7 +28,7 @@ Manage system authenticators by: - \[i.\] Changing authenticators for group or role accounts when membership to those accounts changes. -## Control Control Guidance +## Control Guidance Authenticators include passwords, cryptographic devices, biometrics, certificates, one-time password devices, and ID badges. Device authenticators include certificates and passwords. Initial authenticator content is the actual content of the authenticator (e.g., the initial password). In contrast, the requirements for authenticator content contain specific criteria or characteristics (e.g., minimum password length). Developers may deliver system components with factory default authentication credentials (i.e., passwords) to allow for initial installation and configuration. Default authentication credentials are often well known, easily discoverable, and present a significant risk. The requirement to protect individual authenticators may be implemented via control [PL-4](#pl-4) or [PS-6](#ps-6) for authenticators in the possession of individuals and by controls [AC-3](#ac-3), [AC-6](#ac-6), and [SC-28](#sc-28) for authenticators stored in organizational systems, including passwords stored in hashed or encrypted formats or files containing encrypted or hashed passwords accessible with administrator privileges. diff --git a/ssp_author_demo/test_system/ia/ia-6.md b/ssp_author_demo/test_system/ia/ia-6.md index 2e45306..72734b1 100644 --- a/ssp_author_demo/test_system/ia/ia-6.md +++ b/ssp_author_demo/test_system/ia/ia-6.md @@ -1,7 +1,7 @@ --- sort-id: ia-06 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-6 - \[Identification and Authentication\] Authentication Feedback @@ -10,7 +10,7 @@ x-trestle-sections: Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals. -## Control Control Guidance +## Control Guidance Authentication feedback from systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of systems, such as desktops or notebooks with relatively large monitors, the threat (referred to as shoulder surfing) may be significant. For other types of systems, such as mobile devices with small displays, the threat may be less significant and is balanced against the increased likelihood of typographic input errors due to small keyboards. Thus, the means for obscuring authentication feedback is selected accordingly. Obscuring authentication feedback includes displaying asterisks when users type passwords into input devices or displaying feedback for a very limited time before obscuring it. diff --git a/ssp_author_demo/test_system/ia/ia-7.md b/ssp_author_demo/test_system/ia/ia-7.md index ea73bf6..d61e819 100644 --- a/ssp_author_demo/test_system/ia/ia-7.md +++ b/ssp_author_demo/test_system/ia/ia-7.md @@ -1,7 +1,7 @@ --- sort-id: ia-07 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-7 - \[Identification and Authentication\] Cryptographic Module Authentication @@ -10,7 +10,7 @@ x-trestle-sections: Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. -## Control Control Guidance +## Control Guidance Authentication mechanisms may be required within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and perform services within that role. diff --git a/ssp_author_demo/test_system/ia/ia-8.1.md b/ssp_author_demo/test_system/ia/ia-8.1.md index b6a4fb0..e7c44f3 100644 --- a/ssp_author_demo/test_system/ia/ia-8.1.md +++ b/ssp_author_demo/test_system/ia/ia-8.1.md @@ -1,7 +1,7 @@ --- sort-id: ia-08.01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-8.1 - \[Identification and Authentication\] Acceptance of PIV Credentials from Other Agencies @@ -10,7 +10,7 @@ x-trestle-sections: Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies. -## Control Control Guidance +## Control Guidance Acceptance of Personal Identity Verification (PIV) credentials from other federal agencies applies to both logical and physical access control systems. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidelines. The adequacy and reliability of PIV card issuers are addressed and authorized using [SP 800-79-2](#10963761-58fc-4b20-b3d6-b44a54daba03). diff --git a/ssp_author_demo/test_system/ia/ia-8.2.md b/ssp_author_demo/test_system/ia/ia-8.2.md index a61d6cf..244722d 100644 --- a/ssp_author_demo/test_system/ia/ia-8.2.md +++ b/ssp_author_demo/test_system/ia/ia-8.2.md @@ -1,7 +1,7 @@ --- sort-id: ia-08.02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-8.2 - \[Identification and Authentication\] Acceptance of External Authenticators @@ -12,7 +12,7 @@ x-trestle-sections: - \[(b)\] Document and maintain a list of accepted external authenticators. -## Control Control Guidance +## Control Guidance Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with [SP 800-63B](#e59c5a7c-8b1f-49ca-8de0-6ee0882180ce). Approved external authenticators meet or exceed the minimum Federal Government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding Federal requirements allows Federal Government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level. diff --git a/ssp_author_demo/test_system/ia/ia-8.4.md b/ssp_author_demo/test_system/ia/ia-8.4.md index d3274a4..0fc21a2 100644 --- a/ssp_author_demo/test_system/ia/ia-8.4.md +++ b/ssp_author_demo/test_system/ia/ia-8.4.md @@ -1,7 +1,7 @@ --- sort-id: ia-08.04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-8.4 - \[Identification and Authentication\] Use of Defined Profiles @@ -10,7 +10,7 @@ x-trestle-sections: Conform to the following profiles for identity management organization-defined identity management profiles. -## Control Control Guidance +## Control Guidance Organizations define profiles for identity management based on open identity management standards. To ensure that open identity management standards are viable, robust, reliable, sustainable, and interoperable as documented, the Federal Government assesses and scopes the standards and technology implementations against applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. diff --git a/ssp_author_demo/test_system/ia/ia-8.md b/ssp_author_demo/test_system/ia/ia-8.md index ced7818..0d541dd 100644 --- a/ssp_author_demo/test_system/ia/ia-8.md +++ b/ssp_author_demo/test_system/ia/ia-8.md @@ -1,7 +1,7 @@ --- sort-id: ia-08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ia-8 - \[Identification and Authentication\] Identification and Authentication (non-organizational Users) @@ -10,7 +10,7 @@ x-trestle-sections: Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users. -## Control Control Guidance +## Control Guidance Non-organizational users include system users other than organizational users explicitly covered by [IA-2](#ia-2). Non-organizational users are uniquely identified and authenticated for accesses other than those explicitly identified and documented in [AC-14](#ac-14). Identification and authentication of non-organizational users accessing federal systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations consider many factors—including security, privacy, scalability, and practicality—when balancing the need to ensure ease of use for access to federal information and systems with the need to protect and adequately mitigate risk. diff --git a/ssp_author_demo/test_system/ir/ir-1.md b/ssp_author_demo/test_system/ir/ir-1.md index 8c86360..9d020f8 100644 --- a/ssp_author_demo/test_system/ir/ir-1.md +++ b/ssp_author_demo/test_system/ir/ir-1.md @@ -1,7 +1,7 @@ --- sort-id: ir-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ir-1 - \[Incident Response\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Incident response policy and procedures address the controls in the IR family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of incident response policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to incident response policy and procedures include assessment or audit findings, security incidents or breaches, or changes in laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/ir/ir-2.md b/ssp_author_demo/test_system/ir/ir-2.md index 67272d5..66594a5 100644 --- a/ssp_author_demo/test_system/ir/ir-2.md +++ b/ssp_author_demo/test_system/ir/ir-2.md @@ -1,7 +1,7 @@ --- sort-id: ir-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ir-2 - \[Incident Response\] Incident Response Training @@ -16,7 +16,7 @@ x-trestle-sections: - \[b.\] Review and update incident response training content organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Incident response training is associated with the assigned roles and responsibilities of organizational personnel to ensure that the appropriate content and level of detail are included in such training. For example, users may only need to know who to call or how to recognize an incident; system administrators may require additional training on how to handle incidents; and incident responders may receive more specific training on forensics, data collection techniques, reporting, system recovery, and system restoration. Incident response training includes user training in identifying and reporting suspicious activities from external and internal sources. Incident response training for users may be provided as part of [AT-2](#at-2) or [AT-3](#at-3). Events that may precipitate an update to incident response training content include, but are not limited to, incident response plan testing or response to an actual incident (lessons learned), assessment or audit findings, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. diff --git a/ssp_author_demo/test_system/ir/ir-4.md b/ssp_author_demo/test_system/ir/ir-4.md index e7acef6..c1ae5e3 100644 --- a/ssp_author_demo/test_system/ir/ir-4.md +++ b/ssp_author_demo/test_system/ir/ir-4.md @@ -1,7 +1,7 @@ --- sort-id: ir-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ir-4 - \[Incident Response\] Incident Handling @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Ensure the rigor, intensity, scope, and results of incident handling activities are comparable and predictable across the organization. -## Control Control Guidance +## Control Guidance Organizations recognize that incident response capabilities are dependent on the capabilities of organizational systems and the mission and business processes being supported by those systems. Organizations consider incident response as part of the definition, design, and development of mission and business processes and systems. Incident-related information can be obtained from a variety of sources, including audit monitoring, physical access monitoring, and network monitoring; user or administrator reports; and reported supply chain events. An effective incident handling capability includes coordination among many organizational entities (e.g., mission or business owners, system owners, authorizing officials, human resources offices, physical security offices, personnel security offices, legal departments, risk executive \[function\], operations personnel, procurement offices). Suspected security incidents include the receipt of suspicious email communications that can contain malicious code. Suspected supply chain incidents include the insertion of counterfeit hardware or malicious code into organizational systems or system components. For federal agencies, an incident that involves personally identifiable information is considered a breach. A breach results in unauthorized disclosure, the loss of control, unauthorized acquisition, compromise, or a similar occurrence where a person other than an authorized user accesses or potentially accesses personally identifiable information or an authorized user accesses or potentially accesses such information for other than authorized purposes. diff --git a/ssp_author_demo/test_system/ir/ir-5.md b/ssp_author_demo/test_system/ir/ir-5.md index 93a0684..c4c1d94 100644 --- a/ssp_author_demo/test_system/ir/ir-5.md +++ b/ssp_author_demo/test_system/ir/ir-5.md @@ -1,7 +1,7 @@ --- sort-id: ir-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ir-5 - \[Incident Response\] Incident Monitoring @@ -10,7 +10,7 @@ x-trestle-sections: Track and document incidents. -## Control Control Guidance +## Control Guidance Documenting incidents includes maintaining records about each incident, the status of the incident, and other pertinent information necessary for forensics as well as evaluating incident details, trends, and handling. Incident information can be obtained from a variety of sources, including network monitoring, incident reports, incident response teams, user complaints, supply chain partners, audit monitoring, physical access monitoring, and user and administrator reports. [IR-4](#ir-4) provides information on the types of incidents that are appropriate for monitoring. diff --git a/ssp_author_demo/test_system/ir/ir-6.md b/ssp_author_demo/test_system/ir/ir-6.md index df9f2b9..e79dab1 100644 --- a/ssp_author_demo/test_system/ir/ir-6.md +++ b/ssp_author_demo/test_system/ir/ir-6.md @@ -1,7 +1,7 @@ --- sort-id: ir-06 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ir-6 - \[Incident Response\] Incident Reporting @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Report incident information to organization-defined authorities. -## Control Control Guidance +## Control Guidance The types of incidents reported, the content and timeliness of the reports, and the designated reporting authorities reflect applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Incident information can inform risk assessments, control effectiveness assessments, security requirements for acquisitions, and selection criteria for technology products. diff --git a/ssp_author_demo/test_system/ir/ir-7.md b/ssp_author_demo/test_system/ir/ir-7.md index d732979..a9bc1c4 100644 --- a/ssp_author_demo/test_system/ir/ir-7.md +++ b/ssp_author_demo/test_system/ir/ir-7.md @@ -1,7 +1,7 @@ --- sort-id: ir-07 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ir-7 - \[Incident Response\] Incident Response Assistance @@ -10,7 +10,7 @@ x-trestle-sections: Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents. -## Control Control Guidance +## Control Guidance Incident response support resources provided by organizations include help desks, assistance groups, automated ticketing systems to open and track incident response tickets, and access to forensics services or consumer redress services, when required. diff --git a/ssp_author_demo/test_system/ir/ir-8.md b/ssp_author_demo/test_system/ir/ir-8.md index 07d27e8..f8216ea 100644 --- a/ssp_author_demo/test_system/ir/ir-8.md +++ b/ssp_author_demo/test_system/ir/ir-8.md @@ -1,7 +1,7 @@ --- sort-id: ir-08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ir-8 - \[Incident Response\] Incident Response Plan @@ -29,7 +29,7 @@ x-trestle-sections: - \[e.\] Protect the incident response plan from unauthorized disclosure and modification. -## Control Control Guidance +## Control Guidance It is important that organizations develop and implement a coordinated approach to incident response. Organizational mission and business functions determine the structure of incident response capabilities. As part of the incident response capabilities, organizations consider the coordination and sharing of information with external organizations, including external service providers and other organizations involved in the supply chain. For incidents involving personally identifiable information (i.e., breaches), include a process to determine whether notice to oversight organizations or affected individuals is appropriate and provide that notice accordingly. diff --git a/ssp_author_demo/test_system/ma/ma-1.md b/ssp_author_demo/test_system/ma/ma-1.md index 11c1139..f5af444 100644 --- a/ssp_author_demo/test_system/ma/ma-1.md +++ b/ssp_author_demo/test_system/ma/ma-1.md @@ -1,7 +1,7 @@ --- sort-id: ma-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ma-1 - \[Maintenance\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Maintenance policy and procedures address the controls in the MA family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of maintenance policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to maintenance policy and procedures assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/ma/ma-2.md b/ssp_author_demo/test_system/ma/ma-2.md index 49fc658..e959c34 100644 --- a/ssp_author_demo/test_system/ma/ma-2.md +++ b/ssp_author_demo/test_system/ma/ma-2.md @@ -1,7 +1,7 @@ --- sort-id: ma-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ma-2 - \[Maintenance\] Controlled Maintenance @@ -20,7 +20,7 @@ x-trestle-sections: - \[f.\] Include the following information in organizational maintenance records: organization-defined information. -## Control Control Guidance +## Control Guidance Controlling system maintenance addresses the information security aspects of the system maintenance program and applies to all types of maintenance to system components conducted by local or nonlocal entities. Maintenance includes peripherals such as scanners, copiers, and printers. Information necessary for creating effective maintenance records includes the date and time of maintenance, a description of the maintenance performed, names of the individuals or group performing the maintenance, name of the escort, and system components or equipment that are removed or replaced. Organizations consider supply chain-related risks associated with replacement components for systems. diff --git a/ssp_author_demo/test_system/ma/ma-4.md b/ssp_author_demo/test_system/ma/ma-4.md index 7e69d5a..f028f22 100644 --- a/ssp_author_demo/test_system/ma/ma-4.md +++ b/ssp_author_demo/test_system/ma/ma-4.md @@ -1,7 +1,7 @@ --- sort-id: ma-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ma-4 - \[Maintenance\] Nonlocal Maintenance @@ -18,7 +18,7 @@ x-trestle-sections: - \[e.\] Terminate session and network connections when nonlocal maintenance is completed. -## Control Control Guidance +## Control Guidance Nonlocal maintenance and diagnostic activities are conducted by individuals who communicate through either an external or internal network. Local maintenance and diagnostic activities are carried out by individuals who are physically present at the system location and not communicating across a network connection. Authentication techniques used to establish nonlocal maintenance and diagnostic sessions reflect the network access requirements in [IA-2](#ia-2). Strong authentication requires authenticators that are resistant to replay attacks and employ multi-factor authentication. Strong authenticators include PKI where certificates are stored on a token protected by a password, passphrase, or biometric. Enforcing requirements in [MA-4](#ma-4) is accomplished, in part, by other controls. [SP 800-63B](#e59c5a7c-8b1f-49ca-8de0-6ee0882180ce) provides additional guidance on strong authentication and authenticators. diff --git a/ssp_author_demo/test_system/ma/ma-5.md b/ssp_author_demo/test_system/ma/ma-5.md index bfc3313..67d18a6 100644 --- a/ssp_author_demo/test_system/ma/ma-5.md +++ b/ssp_author_demo/test_system/ma/ma-5.md @@ -1,7 +1,7 @@ --- sort-id: ma-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ma-5 - \[Maintenance\] Maintenance Personnel @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Designate organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations. -## Control Control Guidance +## Control Guidance Maintenance personnel refers to individuals who perform hardware or software maintenance on organizational systems, while [PE-2](#pe-2) addresses physical access for individuals whose maintenance duties place them within the physical protection perimeter of the systems. Technical competence of supervising individuals relates to the maintenance performed on the systems, while having required access authorizations refers to maintenance on and near the systems. Individuals not previously identified as authorized maintenance personnel—such as information technology manufacturers, vendors, systems integrators, and consultants—may require privileged access to organizational systems, such as when they are required to conduct maintenance activities with little or no notice. Based on organizational assessments of risk, organizations may issue temporary credentials to these individuals. Temporary credentials may be for one-time use or for very limited time periods. diff --git a/ssp_author_demo/test_system/mp/mp-1.md b/ssp_author_demo/test_system/mp/mp-1.md index 5d35b12..eedf09f 100644 --- a/ssp_author_demo/test_system/mp/mp-1.md +++ b/ssp_author_demo/test_system/mp/mp-1.md @@ -1,7 +1,7 @@ --- sort-id: mp-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # mp-1 - \[Media Protection\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Media protection policy and procedures address the controls in the MP family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of media protection policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to media protection policy and procedures include assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/mp/mp-2.md b/ssp_author_demo/test_system/mp/mp-2.md index 587f1ea..47e10ae 100644 --- a/ssp_author_demo/test_system/mp/mp-2.md +++ b/ssp_author_demo/test_system/mp/mp-2.md @@ -1,7 +1,7 @@ --- sort-id: mp-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # mp-2 - \[Media Protection\] Media Access @@ -10,7 +10,7 @@ x-trestle-sections: Restrict access to organization-defined types of digital and/or non-digital media to organization-defined personnel or roles. -## Control Control Guidance +## Control Guidance System media includes digital and non-digital media. Digital media includes flash drives, diskettes, magnetic tapes, external or removable hard disk drives (e.g., solid state, magnetic), compact discs, and digital versatile discs. Non-digital media includes paper and microfilm. Denying access to patient medical records in a community hospital unless the individuals seeking access to such records are authorized healthcare providers is an example of restricting access to non-digital media. Limiting access to the design specifications stored on compact discs in the media library to individuals on the system development team is an example of restricting access to digital media. diff --git a/ssp_author_demo/test_system/mp/mp-6.md b/ssp_author_demo/test_system/mp/mp-6.md index 0bfce8b..5ffbb3f 100644 --- a/ssp_author_demo/test_system/mp/mp-6.md +++ b/ssp_author_demo/test_system/mp/mp-6.md @@ -1,7 +1,7 @@ --- sort-id: mp-06 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # mp-6 - \[Media Protection\] Media Sanitization @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Employ sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information. -## Control Control Guidance +## Control Guidance Media sanitization applies to all digital and non-digital system media subject to disposal or reuse, whether or not the media is considered removable. Examples include digital media in scanners, copiers, printers, notebook computers, workstations, network components, mobile devices, and non-digital media (e.g., paper and microfilm). The sanitization process removes information from system media such that the information cannot be retrieved or reconstructed. Sanitization techniques—including clearing, purging, cryptographic erase, de-identification of personally identifiable information, and destruction—prevent the disclosure of information to unauthorized individuals when such media is reused or released for disposal. Organizations determine the appropriate sanitization methods, recognizing that destruction is sometimes necessary when other methods cannot be applied to media requiring sanitization. Organizations use discretion on the employment of approved sanitization techniques and procedures for media that contains information deemed to be in the public domain or publicly releasable or information deemed to have no adverse impact on organizations or individuals if released for reuse or disposal. Sanitization of non-digital media includes destruction, removing a classified appendix from an otherwise unclassified document, or redacting selected sections or words from a document by obscuring the redacted sections or words in a manner equivalent in effectiveness to removing them from the document. NSA standards and policies control the sanitization process for media that contains classified information. NARA policies control the sanitization process for controlled unclassified information. diff --git a/ssp_author_demo/test_system/mp/mp-7.md b/ssp_author_demo/test_system/mp/mp-7.md index 4a633ea..81cb524 100644 --- a/ssp_author_demo/test_system/mp/mp-7.md +++ b/ssp_author_demo/test_system/mp/mp-7.md @@ -1,7 +1,7 @@ --- sort-id: mp-07 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # mp-7 - \[Media Protection\] Media Use @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner. -## Control Control Guidance +## Control Guidance System media includes both digital and non-digital media. Digital media includes diskettes, magnetic tapes, flash drives, compact discs, digital versatile discs, and removable hard disk drives. Non-digital media includes paper and microfilm. Media use protections also apply to mobile devices with information storage capabilities. In contrast to [MP-2](#mp-2), which restricts user access to media, MP-7 restricts the use of certain types of media on systems, for example, restricting or prohibiting the use of flash drives or external hard disk drives. Organizations use technical and nontechnical controls to restrict the use of system media. Organizations may restrict the use of portable storage devices, for example, by using physical cages on workstations to prohibit access to certain external ports or disabling or removing the ability to insert, read, or write to such devices. Organizations may also limit the use of portable storage devices to only approved devices, including devices provided by the organization, devices provided by other approved organizations, and devices that are not personally owned. Finally, organizations may restrict the use of portable storage devices based on the type of device, such as by prohibiting the use of writeable, portable storage devices and implementing this restriction by disabling or removing the capability to write to such devices. Requiring identifiable owners for storage devices reduces the risk of using such devices by allowing organizations to assign responsibility for addressing known vulnerabilities in the devices. diff --git a/ssp_author_demo/test_system/pe/pe-1.md b/ssp_author_demo/test_system/pe/pe-1.md index ea9ea45..e0a3298 100644 --- a/ssp_author_demo/test_system/pe/pe-1.md +++ b/ssp_author_demo/test_system/pe/pe-1.md @@ -1,7 +1,7 @@ --- sort-id: pe-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-1 - \[Physical and Environmental Protection\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Physical and environmental protection policy and procedures address the controls in the PE family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of physical and environmental protection policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to physical and environmental protection policy and procedures include assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/pe/pe-12.md b/ssp_author_demo/test_system/pe/pe-12.md index 67d9810..365087a 100644 --- a/ssp_author_demo/test_system/pe/pe-12.md +++ b/ssp_author_demo/test_system/pe/pe-12.md @@ -1,7 +1,7 @@ --- sort-id: pe-12 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-12 - \[Physical and Environmental Protection\] Emergency Lighting @@ -10,7 +10,7 @@ x-trestle-sections: Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility. -## Control Control Guidance +## Control Guidance The provision of emergency lighting applies primarily to organizational facilities that contain concentrations of system resources, including data centers, server rooms, and mainframe computer rooms. Emergency lighting provisions for the system are described in the contingency plan for the organization. If emergency lighting for the system fails or cannot be provided, organizations consider alternate processing sites for power-related contingencies. diff --git a/ssp_author_demo/test_system/pe/pe-13.md b/ssp_author_demo/test_system/pe/pe-13.md index 38b2a0a..19a752e 100644 --- a/ssp_author_demo/test_system/pe/pe-13.md +++ b/ssp_author_demo/test_system/pe/pe-13.md @@ -1,7 +1,7 @@ --- sort-id: pe-13 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-13 - \[Physical and Environmental Protection\] Fire Protection @@ -10,7 +10,7 @@ x-trestle-sections: Employ and maintain fire detection and suppression systems that are supported by an independent energy source. -## Control Control Guidance +## Control Guidance The provision of fire detection and suppression systems applies primarily to organizational facilities that contain concentrations of system resources, including data centers, server rooms, and mainframe computer rooms. Fire detection and suppression systems that may require an independent energy source include sprinkler systems and smoke detectors. An independent energy source is an energy source, such as a microgrid, that is separate, or can be separated, from the energy sources providing power for the other parts of the facility. diff --git a/ssp_author_demo/test_system/pe/pe-14.md b/ssp_author_demo/test_system/pe/pe-14.md index f78ce9a..b92d34b 100644 --- a/ssp_author_demo/test_system/pe/pe-14.md +++ b/ssp_author_demo/test_system/pe/pe-14.md @@ -1,7 +1,7 @@ --- sort-id: pe-14 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-14 - \[Physical and Environmental Protection\] Environmental Controls @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Monitor environmental control levels organization-defined frequency. -## Control Control Guidance +## Control Guidance The provision of environmental controls applies primarily to organizational facilities that contain concentrations of system resources (e.g., data centers, mainframe computer rooms, and server rooms). Insufficient environmental controls, especially in very harsh environments, can have a significant adverse impact on the availability of systems and system components that are needed to support organizational mission and business functions. diff --git a/ssp_author_demo/test_system/pe/pe-15.md b/ssp_author_demo/test_system/pe/pe-15.md index e4eccd5..dd18269 100644 --- a/ssp_author_demo/test_system/pe/pe-15.md +++ b/ssp_author_demo/test_system/pe/pe-15.md @@ -1,7 +1,7 @@ --- sort-id: pe-15 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-15 - \[Physical and Environmental Protection\] Water Damage Protection @@ -10,7 +10,7 @@ x-trestle-sections: Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. -## Control Control Guidance +## Control Guidance The provision of water damage protection primarily applies to organizational facilities that contain concentrations of system resources, including data centers, server rooms, and mainframe computer rooms. Isolation valves can be employed in addition to or in lieu of master shutoff valves to shut off water supplies in specific areas of concern without affecting entire organizations. diff --git a/ssp_author_demo/test_system/pe/pe-16.md b/ssp_author_demo/test_system/pe/pe-16.md index 4b3836d..37dcd0d 100644 --- a/ssp_author_demo/test_system/pe/pe-16.md +++ b/ssp_author_demo/test_system/pe/pe-16.md @@ -1,7 +1,7 @@ --- sort-id: pe-16 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-16 - \[Physical and Environmental Protection\] Delivery and Removal @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Maintain records of the system components. -## Control Control Guidance +## Control Guidance Enforcing authorizations for entry and exit of system components may require restricting access to delivery areas and isolating the areas from the system and media libraries. diff --git a/ssp_author_demo/test_system/pe/pe-2.md b/ssp_author_demo/test_system/pe/pe-2.md index c2f2ab7..2648407 100644 --- a/ssp_author_demo/test_system/pe/pe-2.md +++ b/ssp_author_demo/test_system/pe/pe-2.md @@ -1,7 +1,7 @@ --- sort-id: pe-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-2 - \[Physical and Environmental Protection\] Physical Access Authorizations @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Remove individuals from the facility access list when access is no longer required. -## Control Control Guidance +## Control Guidance Physical access authorizations apply to employees and visitors. Individuals with permanent physical access authorization credentials are not considered visitors. Authorization credentials include ID badges, identification cards, and smart cards. Organizations determine the strength of authorization credentials needed consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Physical access authorizations may not be necessary to access certain areas within facilities that are designated as publicly accessible. diff --git a/ssp_author_demo/test_system/pe/pe-3.md b/ssp_author_demo/test_system/pe/pe-3.md index ee5291d..c6d4b01 100644 --- a/ssp_author_demo/test_system/pe/pe-3.md +++ b/ssp_author_demo/test_system/pe/pe-3.md @@ -1,7 +1,7 @@ --- sort-id: pe-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-3 - \[Physical and Environmental Protection\] Physical Access Control @@ -25,7 +25,7 @@ x-trestle-sections: - \[g.\] Change combinations and keys organization-defined frequency and/or when keys are lost, combinations are compromised, or when individuals possessing the keys or combinations are transferred or terminated. -## Control Control Guidance +## Control Guidance Physical access control applies to employees and visitors. Individuals with permanent physical access authorizations are not considered visitors. Physical access controls for publicly accessible areas may include physical access control logs/records, guards, or physical access devices and barriers to prevent movement from publicly accessible areas to non-public areas. Organizations determine the types of guards needed, including professional security staff, system users, or administrative staff. Physical access devices include keys, locks, combinations, biometric readers, and card readers. Physical access control systems comply with applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. Organizations have flexibility in the types of audit logs employed. Audit logs can be procedural, automated, or some combination thereof. Physical access points can include facility access points, interior access points to systems that require supplemental access controls, or both. Components of systems may be in areas designated as publicly accessible with organizations controlling access to the components. diff --git a/ssp_author_demo/test_system/pe/pe-6.md b/ssp_author_demo/test_system/pe/pe-6.md index 1999226..c6c6d97 100644 --- a/ssp_author_demo/test_system/pe/pe-6.md +++ b/ssp_author_demo/test_system/pe/pe-6.md @@ -1,7 +1,7 @@ --- sort-id: pe-06 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-6 - \[Physical and Environmental Protection\] Monitoring Physical Access @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Coordinate results of reviews and investigations with the organizational incident response capability. -## Control Control Guidance +## Control Guidance Physical access monitoring includes publicly accessible areas within organizational facilities. Examples of physical access monitoring include the employment of guards, video surveillance equipment (i.e., cameras), and sensor devices. Reviewing physical access logs can help identify suspicious activity, anomalous events, or potential threats. The reviews can be supported by audit logging controls, such as [AU-2](#au-2), if the access logs are part of an automated system. Organizational incident response capabilities include investigations of physical security incidents and responses to the incidents. Incidents include security violations or suspicious physical access activities. Suspicious physical access activities include accesses outside of normal work hours, repeated accesses to areas not normally accessed, accesses for unusual lengths of time, and out-of-sequence accesses. diff --git a/ssp_author_demo/test_system/pe/pe-8.md b/ssp_author_demo/test_system/pe/pe-8.md index 090aaf3..dfc7ff8 100644 --- a/ssp_author_demo/test_system/pe/pe-8.md +++ b/ssp_author_demo/test_system/pe/pe-8.md @@ -1,7 +1,7 @@ --- sort-id: pe-08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pe-8 - \[Physical and Environmental Protection\] Visitor Access Records @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Report anomalies in visitor access records to organization-defined personnel. -## Control Control Guidance +## Control Guidance Visitor access records include the names and organizations of individuals visiting, visitor signatures, forms of identification, dates of access, entry and departure times, purpose of visits, and the names and organizations of individuals visited. Access record reviews determine if access authorizations are current and are still required to support organizational mission and business functions. Access records are not required for publicly accessible areas. diff --git a/ssp_author_demo/test_system/pl/pl-1.md b/ssp_author_demo/test_system/pl/pl-1.md index 2bed5e7..ce2b2c4 100644 --- a/ssp_author_demo/test_system/pl/pl-1.md +++ b/ssp_author_demo/test_system/pl/pl-1.md @@ -1,7 +1,7 @@ --- sort-id: pl-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pl-1 - \[Planning\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Planning policy and procedures for the controls in the PL family implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on their development. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission level or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission/business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to planning policy and procedures include, but are not limited to, assessment or audit findings, security incidents or breaches, or changes in laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/pl/pl-10.md b/ssp_author_demo/test_system/pl/pl-10.md index 10a9068..0fc9033 100644 --- a/ssp_author_demo/test_system/pl/pl-10.md +++ b/ssp_author_demo/test_system/pl/pl-10.md @@ -1,7 +1,7 @@ --- sort-id: pl-10 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pl-10 - \[Planning\] Baseline Selection @@ -10,7 +10,7 @@ x-trestle-sections: Select a control baseline for the system. -## Control Control Guidance +## Control Guidance Control baselines are predefined sets of controls specifically assembled to address the protection needs of a group, organization, or community of interest. Controls are chosen for baselines to either satisfy mandates imposed by laws, executive orders, directives, regulations, policies, standards, and guidelines or address threats common to all users of the baseline under the assumptions specific to the baseline. Baselines represent a starting point for the protection of individuals’ privacy, information, and information systems with subsequent tailoring actions to manage risk in accordance with mission, business, or other constraints (see [PL-11](#pl-11)). Federal control baselines are provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752). The selection of a control baseline is determined by the needs of stakeholders. Stakeholder needs consider mission and business requirements as well as mandates imposed by applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. For example, the control baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) are based on the requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9) and [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455). The requirements, along with the NIST standards and guidelines implementing the legislation, direct organizations to select one of the control baselines after the reviewing the information types and the information that is processed, stored, and transmitted on the system; analyzing the potential adverse impact of the loss or compromise of the information or system on the organization’s operations and assets, individuals, other organizations, or the Nation; and considering the results from system and organizational risk assessments. [CNSSI 1253](#4e4fbc93-333d-45e6-a875-de36b878b6b9) provides guidance on control baselines for national security systems. diff --git a/ssp_author_demo/test_system/pl/pl-11.md b/ssp_author_demo/test_system/pl/pl-11.md index b36a992..b295fa6 100644 --- a/ssp_author_demo/test_system/pl/pl-11.md +++ b/ssp_author_demo/test_system/pl/pl-11.md @@ -1,7 +1,7 @@ --- sort-id: pl-11 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pl-11 - \[Planning\] Baseline Tailoring @@ -10,7 +10,7 @@ x-trestle-sections: Tailor the selected control baseline by applying specified tailoring actions. -## Control Control Guidance +## Control Guidance The concept of tailoring allows organizations to specialize or customize a set of baseline controls by applying a defined set of tailoring actions. Tailoring actions facilitate such specialization and customization by allowing organizations to develop security and privacy plans that reflect their specific mission and business functions, the environments where their systems operate, the threats and vulnerabilities that can affect their systems, and any other conditions or situations that can impact their mission or business success. Tailoring guidance is provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752). Tailoring a control baseline is accomplished by identifying and designating common controls, applying scoping considerations, selecting compensating controls, assigning values to control parameters, supplementing the control baseline with additional controls as needed, and providing information for control implementation. The general tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) can be supplemented with additional actions based on the needs of organizations. Tailoring actions can be applied to the baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) in accordance with the security and privacy requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9), [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455), and [OMB A-130](#27847491-5ce1-4f6a-a1e4-9e483782f0ef). Alternatively, other communities of interest adopting different control baselines can apply the tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) to specialize or customize the controls that represent the specific needs and concerns of those entities. diff --git a/ssp_author_demo/test_system/pl/pl-2.md b/ssp_author_demo/test_system/pl/pl-2.md index 229dfdd..39cd37e 100644 --- a/ssp_author_demo/test_system/pl/pl-2.md +++ b/ssp_author_demo/test_system/pl/pl-2.md @@ -1,7 +1,7 @@ --- sort-id: pl-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pl-2 - \[Planning\] System Security and Privacy Plans @@ -34,7 +34,7 @@ x-trestle-sections: - \[e.\] Protect the plans from unauthorized disclosure and modification. -## Control Control Guidance +## Control Guidance System security and privacy plans are scoped to the system and system components within the defined authorization boundary and contain an overview of the security and privacy requirements for the system and the controls selected to satisfy the requirements. The plans describe the intended application of each selected control in the context of the system with a sufficient level of detail to correctly implement the control and to subsequently assess the effectiveness of the control. The control documentation describes how system-specific and hybrid controls are implemented and the plans and expectations regarding the functionality of the system. System security and privacy plans can also be used in the design and development of systems in support of life cycle-based security and privacy engineering processes. System security and privacy plans are living documents that are updated and adapted throughout the system development life cycle (e.g., during capability determination, analysis of alternatives, requests for proposal, and design reviews). [Section 2.1](#c3397cc9-83c6-4459-adb2-836739dc1b94) describes the different types of requirements that are relevant to organizations during the system development life cycle and the relationship between requirements and controls. diff --git a/ssp_author_demo/test_system/pl/pl-4.1.md b/ssp_author_demo/test_system/pl/pl-4.1.md index cda709f..1b9ec6d 100644 --- a/ssp_author_demo/test_system/pl/pl-4.1.md +++ b/ssp_author_demo/test_system/pl/pl-4.1.md @@ -1,7 +1,7 @@ --- sort-id: pl-04.01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pl-4.1 - \[Planning\] Social Media and External Site/application Usage Restrictions @@ -16,7 +16,7 @@ Include in the rules of behavior, restrictions on: - \[(c)\] Use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications. -## Control Control Guidance +## Control Guidance Social media, social networking, and external site/application usage restrictions address rules of behavior related to the use of social media, social networking, and external sites when organizational personnel are using such sites for official duties or in the conduct of official business, when organizational information is involved in social media and social networking transactions, and when personnel access social media and networking sites from organizational systems. Organizations also address specific rules that prevent unauthorized entities from obtaining non-public organizational information from social media and networking sites either directly or through inference. Non-public information includes personally identifiable information and system account information. diff --git a/ssp_author_demo/test_system/pl/pl-4.md b/ssp_author_demo/test_system/pl/pl-4.md index d4f2092..b53de97 100644 --- a/ssp_author_demo/test_system/pl/pl-4.md +++ b/ssp_author_demo/test_system/pl/pl-4.md @@ -1,7 +1,7 @@ --- sort-id: pl-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # pl-4 - \[Planning\] Rules of Behavior @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Require individuals who have acknowledged a previous version of the rules of behavior to read and re-acknowledge {{ insert: param, pl-4_prm_3 }} ; when the rules are revised or updated. -## Control Control Guidance +## Control Guidance Rules of behavior represent a type of access agreement for organizational users. Other types of access agreements include nondisclosure agreements, conflict-of-interest agreements, and acceptable use agreements (see [PS-6](#ps-6)). Organizations consider rules of behavior based on individual user roles and responsibilities and differentiate between rules that apply to privileged users and rules that apply to general users. Establishing rules of behavior for some types of non-organizational users, including individuals who receive information from federal systems, is often not feasible given the large number of such users and the limited nature of their interactions with the systems. Rules of behavior for organizational and non-organizational users can also be established in [AC-8](#ac-8). The related controls section provides a list of controls that are relevant to organizational rules of behavior. [PL-4b](#pl-4_smt.b), the documented acknowledgment portion of the control, may be satisfied by the literacy training and awareness and role-based training programs conducted by organizations if such training includes rules of behavior. Documented acknowledgements for rules of behavior include electronic or physical signatures and electronic agreement check boxes or radio buttons. diff --git a/ssp_author_demo/test_system/ps/ps-1.md b/ssp_author_demo/test_system/ps/ps-1.md index 6ee51e8..19cbe5c 100644 --- a/ssp_author_demo/test_system/ps/ps-1.md +++ b/ssp_author_demo/test_system/ps/ps-1.md @@ -1,7 +1,7 @@ --- sort-id: ps-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ps-1 - \[Personnel Security\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Personnel security policy and procedures for the controls in the PS family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on their development. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission level or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies reflecting the complex nature of organizations. Procedures can be established for security and privacy programs, for mission/business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to personnel security policy and procedures include, but are not limited to, assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/ps/ps-2.md b/ssp_author_demo/test_system/ps/ps-2.md index f2901e3..5d604ff 100644 --- a/ssp_author_demo/test_system/ps/ps-2.md +++ b/ssp_author_demo/test_system/ps/ps-2.md @@ -1,7 +1,7 @@ --- sort-id: ps-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ps-2 - \[Personnel Security\] Position Risk Designation @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Review and update position risk designations organization-defined frequency. -## Control Control Guidance +## Control Guidance Position risk designations reflect Office of Personnel Management (OPM) policy and guidance. Proper position designation is the foundation of an effective and consistent suitability and personnel security program. The Position Designation System (PDS) assesses the duties and responsibilities of a position to determine the degree of potential damage to the efficiency or integrity of the service due to misconduct of an incumbent of a position and establishes the risk level of that position. The PDS assessment also determines if the duties and responsibilities of the position present the potential for position incumbents to bring about a material adverse effect on national security and the degree of that potential effect, which establishes the sensitivity level of a position. The results of the assessment determine what level of investigation is conducted for a position. Risk designations can guide and inform the types of authorizations that individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements. Parts 1400 and 731 of Title 5, Code of Federal Regulations, establish the requirements for organizations to evaluate relevant covered positions for a position sensitivity and position risk designation commensurate with the duties and responsibilities of those positions. diff --git a/ssp_author_demo/test_system/ps/ps-3.md b/ssp_author_demo/test_system/ps/ps-3.md index 2d1fb4b..eec440c 100644 --- a/ssp_author_demo/test_system/ps/ps-3.md +++ b/ssp_author_demo/test_system/ps/ps-3.md @@ -1,7 +1,7 @@ --- sort-id: ps-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ps-3 - \[Personnel Security\] Personnel Screening @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Rescreen individuals in accordance with organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of rescreening. -## Control Control Guidance +## Control Guidance Personnel screening and rescreening activities reflect applicable laws, executive orders, directives, regulations, policies, standards, guidelines, and specific criteria established for the risk designations of assigned positions. Examples of personnel screening include background investigations and agency checks. Organizations may define different rescreening conditions and frequencies for personnel accessing systems based on types of information processed, stored, or transmitted by the systems. diff --git a/ssp_author_demo/test_system/ps/ps-4.md b/ssp_author_demo/test_system/ps/ps-4.md index 787de17..5bc42f8 100644 --- a/ssp_author_demo/test_system/ps/ps-4.md +++ b/ssp_author_demo/test_system/ps/ps-4.md @@ -1,7 +1,7 @@ --- sort-id: ps-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ps-4 - \[Personnel Security\] Personnel Termination @@ -20,7 +20,7 @@ Upon termination of individual employment: - \[e.\] Retain access to organizational information and systems formerly controlled by terminated individual. -## Control Control Guidance +## Control Guidance System property includes hardware authentication tokens, system administration technical manuals, keys, identification cards, and building passes. Exit interviews ensure that terminated individuals understand the security constraints imposed by being former employees and that proper accountability is achieved for system-related property. Security topics at exit interviews include reminding individuals of nondisclosure agreements and potential limitations on future employment. Exit interviews may not always be possible for some individuals, including in cases related to the unavailability of supervisors, illnesses, or job abandonment. Exit interviews are important for individuals with security clearances. The timely execution of termination actions is essential for individuals who have been terminated for cause. In certain situations, organizations consider disabling the system accounts of individuals who are being terminated prior to the individuals being notified. diff --git a/ssp_author_demo/test_system/ps/ps-5.md b/ssp_author_demo/test_system/ps/ps-5.md index be1ffd5..b489753 100644 --- a/ssp_author_demo/test_system/ps/ps-5.md +++ b/ssp_author_demo/test_system/ps/ps-5.md @@ -1,7 +1,7 @@ --- sort-id: ps-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ps-5 - \[Personnel Security\] Personnel Transfer @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Notify organization-defined personnel or roles within organization-defined time period. -## Control Control Guidance +## Control Guidance Personnel transfer applies when reassignments or transfers of individuals are permanent or of such extended duration as to make the actions warranted. Organizations define actions appropriate for the types of reassignments or transfers, whether permanent or extended. Actions that may be required for personnel transfers or reassignments to other positions within organizations include returning old and issuing new keys, identification cards, and building passes; closing system accounts and establishing new accounts; changing system access authorizations (i.e., privileges); and providing for access to official records to which individuals had access at previous work locations and in previous system accounts. diff --git a/ssp_author_demo/test_system/ps/ps-6.md b/ssp_author_demo/test_system/ps/ps-6.md index 25a704b..c19f18e 100644 --- a/ssp_author_demo/test_system/ps/ps-6.md +++ b/ssp_author_demo/test_system/ps/ps-6.md @@ -1,7 +1,7 @@ --- sort-id: ps-06 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ps-6 - \[Personnel Security\] Access Agreements @@ -17,7 +17,7 @@ x-trestle-sections: - \[1.\] Sign appropriate access agreements prior to being granted access; and - \[2.\] Re-sign access agreements to maintain access to organizational systems when access agreements have been updated or organization-defined frequency. -## Control Control Guidance +## Control Guidance Access agreements include nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Signed access agreements include an acknowledgement that individuals have read, understand, and agree to abide by the constraints associated with organizational systems to which access is authorized. Organizations can use electronic signatures to acknowledge access agreements unless specifically prohibited by organizational policy. diff --git a/ssp_author_demo/test_system/ps/ps-7.md b/ssp_author_demo/test_system/ps/ps-7.md index 8c6afd4..4e075ef 100644 --- a/ssp_author_demo/test_system/ps/ps-7.md +++ b/ssp_author_demo/test_system/ps/ps-7.md @@ -1,7 +1,7 @@ --- sort-id: ps-07 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ps-7 - \[Personnel Security\] External Personnel Security @@ -18,7 +18,7 @@ x-trestle-sections: - \[e.\] Monitor provider compliance with personnel security requirements. -## Control Control Guidance +## Control Guidance External provider refers to organizations other than the organization operating or acquiring the system. External providers include service bureaus, contractors, and other organizations that provide system development, information technology services, testing or assessment services, outsourced applications, and network/security management. Organizations explicitly include personnel security requirements in acquisition-related documents. External providers may have personnel working at organizational facilities with credentials, badges, or system privileges issued by organizations. Notifications of external personnel changes ensure the appropriate termination of privileges and credentials. Organizations define the transfers and terminations deemed reportable by security-related characteristics that include functions, roles, and the nature of credentials or privileges associated with transferred or terminated individuals. diff --git a/ssp_author_demo/test_system/ps/ps-8.md b/ssp_author_demo/test_system/ps/ps-8.md index c7f6829..f38c705 100644 --- a/ssp_author_demo/test_system/ps/ps-8.md +++ b/ssp_author_demo/test_system/ps/ps-8.md @@ -1,7 +1,7 @@ --- sort-id: ps-08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ps-8 - \[Personnel Security\] Personnel Sanctions @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Notify organization-defined personnel or roles within organization-defined time period when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction. -## Control Control Guidance +## Control Guidance Organizational sanctions reflect applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Sanctions processes are described in access agreements and can be included as part of general personnel policies for organizations and/or specified in security and privacy policies. Organizations consult with the Office of the General Counsel regarding matters of employee sanctions. diff --git a/ssp_author_demo/test_system/ps/ps-9.md b/ssp_author_demo/test_system/ps/ps-9.md index 842516d..27ec15e 100644 --- a/ssp_author_demo/test_system/ps/ps-9.md +++ b/ssp_author_demo/test_system/ps/ps-9.md @@ -1,7 +1,7 @@ --- sort-id: ps-09 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ps-9 - \[Personnel Security\] Position Descriptions @@ -10,7 +10,7 @@ x-trestle-sections: Incorporate security and privacy roles and responsibilities into organizational position descriptions. -## Control Control Guidance +## Control Guidance Specification of security and privacy roles in individual organizational position descriptions facilitates clarity in understanding the security or privacy responsibilities associated with the roles and the role-based security and privacy training requirements for the roles. diff --git a/ssp_author_demo/test_system/ra/ra-1.md b/ssp_author_demo/test_system/ra/ra-1.md index a4f1fce..a58a379 100644 --- a/ssp_author_demo/test_system/ra/ra-1.md +++ b/ssp_author_demo/test_system/ra/ra-1.md @@ -1,7 +1,7 @@ --- sort-id: ra-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ra-1 - \[Risk Assessment\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Risk assessment policy and procedures address the controls in the RA family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of risk assessment policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies reflecting the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to risk assessment policy and procedures include assessment or audit findings, security incidents or breaches, or changes in laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/ra/ra-2.md b/ssp_author_demo/test_system/ra/ra-2.md index 079ebd5..b8461f9 100644 --- a/ssp_author_demo/test_system/ra/ra-2.md +++ b/ssp_author_demo/test_system/ra/ra-2.md @@ -1,7 +1,7 @@ --- sort-id: ra-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ra-2 - \[Risk Assessment\] Security Categorization @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Verify that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision. -## Control Control Guidance +## Control Guidance Security categories describe the potential adverse impacts or negative consequences to organizational operations, organizational assets, and individuals if organizational information and systems are compromised through a loss of confidentiality, integrity, or availability. Security categorization is also a type of asset loss characterization in systems security engineering processes that is carried out throughout the system development life cycle. Organizations can use privacy risk assessments or privacy impact assessments to better understand the potential adverse effects on individuals. [CNSSI 1253](#4e4fbc93-333d-45e6-a875-de36b878b6b9) provides additional guidance on categorization for national security systems. diff --git a/ssp_author_demo/test_system/ra/ra-3.1.md b/ssp_author_demo/test_system/ra/ra-3.1.md index 219ad02..531ab48 100644 --- a/ssp_author_demo/test_system/ra/ra-3.1.md +++ b/ssp_author_demo/test_system/ra/ra-3.1.md @@ -1,7 +1,7 @@ --- sort-id: ra-03.01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ra-3.1 - \[Risk Assessment\] Supply Chain Risk Assessment @@ -12,7 +12,7 @@ x-trestle-sections: - \[(b)\] Update the supply chain risk assessment organization-defined frequency, when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain. -## Control Control Guidance +## Control Guidance Supply chain-related events include disruption, use of defective components, insertion of counterfeits, theft, malicious development practices, improper delivery practices, and insertion of malicious code. These events can have a significant impact on the confidentiality, integrity, or availability of a system and its information and, therefore, can also adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation. The supply chain-related events may be unintentional or malicious and can occur at any point during the system life cycle. An analysis of supply chain risk can help an organization identify systems or components for which additional supply chain risk mitigations are required. diff --git a/ssp_author_demo/test_system/ra/ra-3.md b/ssp_author_demo/test_system/ra/ra-3.md index 8152b69..eb51bb0 100644 --- a/ssp_author_demo/test_system/ra/ra-3.md +++ b/ssp_author_demo/test_system/ra/ra-3.md @@ -1,7 +1,7 @@ --- sort-id: ra-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ra-3 - \[Risk Assessment\] Risk Assessment @@ -24,7 +24,7 @@ x-trestle-sections: - \[f.\] Update the risk assessment organization-defined frequency or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system. -## Control Control Guidance +## Control Guidance Risk assessments consider threats, vulnerabilities, likelihood, and impact to organizational operations and assets, individuals, other organizations, and the Nation. Risk assessments also consider risk from external parties, including contractors who operate systems on behalf of the organization, individuals who access organizational systems, service providers, and outsourcing entities. diff --git a/ssp_author_demo/test_system/ra/ra-5.11.md b/ssp_author_demo/test_system/ra/ra-5.11.md index 8cf3f52..d071610 100644 --- a/ssp_author_demo/test_system/ra/ra-5.11.md +++ b/ssp_author_demo/test_system/ra/ra-5.11.md @@ -1,7 +1,7 @@ --- sort-id: ra-05.11 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ra-5.11 - \[Risk Assessment\] Public Disclosure Program @@ -10,7 +10,7 @@ x-trestle-sections: Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components. -## Control Control Guidance +## Control Guidance The reporting channel is publicly discoverable and contains clear language authorizing good-faith research and the disclosure of vulnerabilities to the organization. The organization does not condition its authorization on an expectation of indefinite non-disclosure to the public by the reporting entity but may request a specific time period to properly remediate the vulnerability. diff --git a/ssp_author_demo/test_system/ra/ra-5.2.md b/ssp_author_demo/test_system/ra/ra-5.2.md index 5e70db2..9537b0c 100644 --- a/ssp_author_demo/test_system/ra/ra-5.2.md +++ b/ssp_author_demo/test_system/ra/ra-5.2.md @@ -1,7 +1,7 @@ --- sort-id: ra-05.02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ra-5.2 - \[Risk Assessment\] Update Vulnerabilities to Be Scanned @@ -10,7 +10,7 @@ x-trestle-sections: Update the system vulnerabilities to be scanned organization-defined frequency ; prior to a new scan; when new vulnerabilities are identified and reported. -## Control Control Guidance +## Control Guidance Due to the complexity of modern software, systems, and other factors, new vulnerabilities are discovered on a regular basis. It is important that newly discovered vulnerabilities are added to the list of vulnerabilities to be scanned to ensure that the organization can take steps to mitigate those vulnerabilities in a timely manner. diff --git a/ssp_author_demo/test_system/ra/ra-5.md b/ssp_author_demo/test_system/ra/ra-5.md index 3d41851..abaffab 100644 --- a/ssp_author_demo/test_system/ra/ra-5.md +++ b/ssp_author_demo/test_system/ra/ra-5.md @@ -1,7 +1,7 @@ --- sort-id: ra-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ra-5 - \[Risk Assessment\] Vulnerability Monitoring and Scanning @@ -24,7 +24,7 @@ x-trestle-sections: - \[f.\] Employ vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned. -## Control Control Guidance +## Control Guidance Security categorization of information and systems guides the frequency and comprehensiveness of vulnerability monitoring (including scans). Organizations determine the required vulnerability monitoring for system components, ensuring that the potential sources of vulnerabilities—such as infrastructure components (e.g., switches, routers, guards, sensors), networked printers, scanners, and copiers—are not overlooked. The capability to readily update vulnerability monitoring tools as new vulnerabilities are discovered and announced and as new scanning methods are developed helps to ensure that new vulnerabilities are not missed by employed vulnerability monitoring tools. The vulnerability monitoring tool update process helps to ensure that potential vulnerabilities in the system are identified and addressed as quickly as possible. Vulnerability monitoring and analyses for custom software may require additional approaches, such as static analysis, dynamic analysis, binary analysis, or a hybrid of the three approaches. Organizations can use these analysis approaches in source code reviews and in a variety of tools, including web-based application scanners, static analysis tools, and binary analyzers. diff --git a/ssp_author_demo/test_system/ra/ra-7.md b/ssp_author_demo/test_system/ra/ra-7.md index 1475489..81ae00f 100644 --- a/ssp_author_demo/test_system/ra/ra-7.md +++ b/ssp_author_demo/test_system/ra/ra-7.md @@ -1,7 +1,7 @@ --- sort-id: ra-07 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # ra-7 - \[Risk Assessment\] Risk Response @@ -10,7 +10,7 @@ x-trestle-sections: Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance. -## Control Control Guidance +## Control Guidance Organizations have many options for responding to risk including mitigating risk by implementing new controls or strengthening existing controls, accepting risk with appropriate justification or rationale, sharing or transferring risk, or avoiding risk. The risk tolerance of the organization influences risk response decisions and actions. Risk response addresses the need to determine an appropriate response to risk before generating a plan of action and milestones entry. For example, the response may be to accept risk or reject risk, or it may be possible to mitigate the risk immediately so that a plan of action and milestones entry is not needed. However, if the risk response is to mitigate the risk, and the mitigation cannot be completed immediately, a plan of action and milestones entry is generated. diff --git a/ssp_author_demo/test_system/sa/sa-1.md b/ssp_author_demo/test_system/sa/sa-1.md index 8b330eb..b71b64f 100644 --- a/ssp_author_demo/test_system/sa/sa-1.md +++ b/ssp_author_demo/test_system/sa/sa-1.md @@ -1,7 +1,7 @@ --- sort-id: sa-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sa-1 - \[System and Services Acquisition\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance System and services acquisition policy and procedures address the controls in the SA family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of system and services acquisition policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to system and services acquisition policy and procedures include assessment or audit findings, security incidents or breaches, or changes in laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/sa/sa-2.md b/ssp_author_demo/test_system/sa/sa-2.md index 0d17881..dc85e46 100644 --- a/ssp_author_demo/test_system/sa/sa-2.md +++ b/ssp_author_demo/test_system/sa/sa-2.md @@ -1,7 +1,7 @@ --- sort-id: sa-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sa-2 - \[System and Services Acquisition\] Allocation of Resources @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation. -## Control Control Guidance +## Control Guidance Resource allocation for information security and privacy includes funding for system and services acquisition, sustainment, and supply chain-related risks throughout the system development life cycle. diff --git a/ssp_author_demo/test_system/sa/sa-22.md b/ssp_author_demo/test_system/sa/sa-22.md index 60f4abe..c4acb0f 100644 --- a/ssp_author_demo/test_system/sa/sa-22.md +++ b/ssp_author_demo/test_system/sa/sa-22.md @@ -1,7 +1,7 @@ --- sort-id: sa-22 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sa-22 - \[System and Services Acquisition\] Unsupported System Components @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Provide the following options for alternative sources for continued support for unsupported components in-house support; {{ insert: param, sa-22_prm_2 }} . -## Control Control Guidance +## Control Guidance Support for system components includes software patches, firmware updates, replacement parts, and maintenance contracts. An example of unsupported components includes when vendors no longer provide critical software patches or product updates, which can result in an opportunity for adversaries to exploit weaknesses in the installed components. Exceptions to replacing unsupported system components include systems that provide critical mission or business capabilities where newer technologies are not available or where the systems are so isolated that installing replacement components is not an option. diff --git a/ssp_author_demo/test_system/sa/sa-3.md b/ssp_author_demo/test_system/sa/sa-3.md index 234e5b7..28ea484 100644 --- a/ssp_author_demo/test_system/sa/sa-3.md +++ b/ssp_author_demo/test_system/sa/sa-3.md @@ -1,7 +1,7 @@ --- sort-id: sa-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sa-3 - \[System and Services Acquisition\] System Development Life Cycle @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Integrate the organizational information security and privacy risk management process into system development life cycle activities. -## Control Control Guidance +## Control Guidance A system development life cycle process provides the foundation for the successful development, implementation, and operation of organizational systems. The integration of security and privacy considerations early in the system development life cycle is a foundational principle of systems security engineering and privacy engineering. To apply the required controls within the system development life cycle requires a basic understanding of information security and privacy, threats, vulnerabilities, adverse impacts, and risk to critical mission and business functions. The security engineering principles in [SA-8](#sa-8) help individuals properly design, code, and test systems and system components. Organizations include qualified personnel (e.g., senior agency information security officers, senior agency officials for privacy, security and privacy architects, and security and privacy engineers) in system development life cycle processes to ensure that established security and privacy requirements are incorporated into organizational systems. Role-based security and privacy training programs can ensure that individuals with key security and privacy roles and responsibilities have the experience, skills, and expertise to conduct assigned system development life cycle activities. diff --git a/ssp_author_demo/test_system/sa/sa-4.10.md b/ssp_author_demo/test_system/sa/sa-4.10.md index bd45009..a8e3b14 100644 --- a/ssp_author_demo/test_system/sa/sa-4.10.md +++ b/ssp_author_demo/test_system/sa/sa-4.10.md @@ -1,7 +1,7 @@ --- sort-id: sa-04.10 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sa-4.10 - \[System and Services Acquisition\] Use of Approved PIV Products @@ -10,7 +10,7 @@ x-trestle-sections: Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems. -## Control Control Guidance +## Control Guidance Products on the FIPS 201-approved products list meet NIST requirements for Personal Identity Verification (PIV) of Federal Employees and Contractors. PIV cards are used for multi-factor authentication in systems and organizations. diff --git a/ssp_author_demo/test_system/sa/sa-4.md b/ssp_author_demo/test_system/sa/sa-4.md index d4bdd7e..1b376fa 100644 --- a/ssp_author_demo/test_system/sa/sa-4.md +++ b/ssp_author_demo/test_system/sa/sa-4.md @@ -1,7 +1,7 @@ --- sort-id: sa-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sa-4 - \[System and Services Acquisition\] Acquisition Process @@ -28,7 +28,7 @@ Include the following requirements, descriptions, and criteria, explicitly or by - \[i.\] Acceptance criteria. -## Control Control Guidance +## Control Guidance Security and privacy functional requirements are typically derived from the high-level security and privacy requirements described in [SA-2](#sa-2). The derived requirements include security and privacy capabilities, functions, and mechanisms. Strength requirements associated with such capabilities, functions, and mechanisms include degree of correctness, completeness, resistance to tampering or bypass, and resistance to direct attack. Assurance requirements include development processes, procedures, and methodologies as well as the evidence from development and assessment activities that provide grounds for confidence that the required functionality is implemented and possesses the required strength of mechanism. [SP 800-160-1](#e3cc0520-a366-4fc9-abc2-5272db7e3564) describes the process of requirements engineering as part of the system development life cycle. diff --git a/ssp_author_demo/test_system/sa/sa-5.md b/ssp_author_demo/test_system/sa/sa-5.md index 885d54d..d80c089 100644 --- a/ssp_author_demo/test_system/sa/sa-5.md +++ b/ssp_author_demo/test_system/sa/sa-5.md @@ -1,7 +1,7 @@ --- sort-id: sa-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sa-5 - \[System and Services Acquisition\] System Documentation @@ -24,7 +24,7 @@ x-trestle-sections: - \[d.\] Distribute documentation to organization-defined personnel or roles. -## Control Control Guidance +## Control Guidance System documentation helps personnel understand the implementation and operation of controls. Organizations consider establishing specific measures to determine the quality and completeness of the content provided. System documentation may be used to support the management of supply chain risk, incident response, and other functions. Personnel or roles that require documentation include system owners, system security officers, and system administrators. Attempts to obtain documentation include contacting manufacturers or suppliers and conducting web-based searches. The inability to obtain documentation may occur due to the age of the system or component or the lack of support from developers and contractors. When documentation cannot be obtained, organizations may need to recreate the documentation if it is essential to the implementation or operation of the controls. The protection provided for the documentation is commensurate with the security category or classification of the system. Documentation that addresses system vulnerabilities may require an increased level of protection. Secure operation of the system includes initially starting the system and resuming secure system operation after a lapse in system operation. diff --git a/ssp_author_demo/test_system/sa/sa-8.md b/ssp_author_demo/test_system/sa/sa-8.md index de094ff..4eeda69 100644 --- a/ssp_author_demo/test_system/sa/sa-8.md +++ b/ssp_author_demo/test_system/sa/sa-8.md @@ -1,7 +1,7 @@ --- sort-id: sa-08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sa-8 - \[System and Services Acquisition\] Security and Privacy Engineering Principles @@ -10,7 +10,7 @@ x-trestle-sections: Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: organization-defined systems security and privacy engineering principles. -## Control Control Guidance +## Control Guidance Systems security and privacy engineering principles are closely related to and implemented throughout the system development life cycle (see [SA-3](#sa-3)). Organizations can apply systems security and privacy engineering principles to new systems under development or to systems undergoing upgrades. For existing systems, organizations apply systems security and privacy engineering principles to system upgrades and modifications to the extent feasible, given the current state of hardware, software, and firmware components within those systems. diff --git a/ssp_author_demo/test_system/sa/sa-9.md b/ssp_author_demo/test_system/sa/sa-9.md index 5368052..0d1bc06 100644 --- a/ssp_author_demo/test_system/sa/sa-9.md +++ b/ssp_author_demo/test_system/sa/sa-9.md @@ -1,7 +1,7 @@ --- sort-id: sa-09 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sa-9 - \[System and Services Acquisition\] External System Services @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Employ the following processes, methods, and techniques to monitor control compliance by external service providers on an ongoing basis: organization-defined processes, methods, and techniques. -## Control Control Guidance +## Control Guidance External system services are provided by an external provider, and the organization has no direct control over the implementation of the required controls or the assessment of control effectiveness. Organizations establish relationships with external service providers in a variety of ways, including through business partnerships, contracts, interagency agreements, lines of business arrangements, licensing agreements, joint ventures, and supply chain exchanges. The responsibility for managing risks from the use of external system services remains with authorizing officials. For services external to organizations, a chain of trust requires that organizations establish and retain a certain level of confidence that each provider in the consumer-provider relationship provides adequate protection for the services rendered. The extent and nature of this chain of trust vary based on relationships between organizations and the external providers. Organizations document the basis for the trust relationships so that the relationships can be monitored. External system services documentation includes government, service providers, end user security roles and responsibilities, and service-level agreements. Service-level agreements define the expectations of performance for implemented controls, describe measurable outcomes, and identify remedies and response requirements for identified instances of noncompliance. diff --git a/ssp_author_demo/test_system/sc/sc-1.md b/ssp_author_demo/test_system/sc/sc-1.md index f08cf2a..79648a2 100644 --- a/ssp_author_demo/test_system/sc/sc-1.md +++ b/ssp_author_demo/test_system/sc/sc-1.md @@ -1,7 +1,7 @@ --- sort-id: sc-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-1 - \[System and Communications Protection\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance System and communications protection policy and procedures address the controls in the SC family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of system and communications protection policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to system and communications protection policy and procedures include assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/sc/sc-12.md b/ssp_author_demo/test_system/sc/sc-12.md index 80fc70b..663dc40 100644 --- a/ssp_author_demo/test_system/sc/sc-12.md +++ b/ssp_author_demo/test_system/sc/sc-12.md @@ -1,7 +1,7 @@ --- sort-id: sc-12 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-12 - \[System and Communications Protection\] Cryptographic Key Establishment and Management @@ -10,7 +10,7 @@ x-trestle-sections: Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: organization-defined requirements for key generation, distribution, storage, access, and destruction. -## Control Control Guidance +## Control Guidance Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and specify appropriate options, parameters, and levels. Organizations manage trust stores to ensure that only approved trust anchors are part of such trust stores. This includes certificates with visibility external to organizational systems and certificates related to the internal operations of systems. [NIST CMVP](#1acdc775-aafb-4d11-9341-dc6a822e9d38) and [NIST CAVP](#84dc1b0c-acb7-4269-84c4-00dbabacd78c) provide additional information on validated cryptographic modules and algorithms that can be used in cryptographic key management and establishment. diff --git a/ssp_author_demo/test_system/sc/sc-13.md b/ssp_author_demo/test_system/sc/sc-13.md index 2a6373d..df2e115 100644 --- a/ssp_author_demo/test_system/sc/sc-13.md +++ b/ssp_author_demo/test_system/sc/sc-13.md @@ -1,7 +1,7 @@ --- sort-id: sc-13 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-13 - \[System and Communications Protection\] Cryptographic Protection @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Implement the following types of cryptography required for each specified cryptographic use: organization-defined types of cryptography for each specified cryptographic use. -## Control Control Guidance +## Control Guidance Cryptography can be employed to support a variety of security solutions, including the protection of classified information and controlled unclassified information, the provision and implementation of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances but lack the necessary formal access approvals. Cryptography can also be used to support random number and hash generation. Generally applicable cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. For example, organizations that need to protect classified information may specify the use of NSA-approved cryptography. Organizations that need to provision and implement digital signatures may specify the use of FIPS-validated cryptography. Cryptography is implemented in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. diff --git a/ssp_author_demo/test_system/sc/sc-15.md b/ssp_author_demo/test_system/sc/sc-15.md index 408ed44..3a2d17b 100644 --- a/ssp_author_demo/test_system/sc/sc-15.md +++ b/ssp_author_demo/test_system/sc/sc-15.md @@ -1,7 +1,7 @@ --- sort-id: sc-15 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-15 - \[System and Communications Protection\] Collaborative Computing Devices and Applications @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Provide an explicit indication of use to users physically present at the devices. -## Control Control Guidance +## Control Guidance Collaborative computing devices and applications include remote meeting devices and applications, networked white boards, cameras, and microphones. The explicit indication of use includes signals to users when collaborative computing devices and applications are activated. diff --git a/ssp_author_demo/test_system/sc/sc-20.md b/ssp_author_demo/test_system/sc/sc-20.md index a96c092..cda137e 100644 --- a/ssp_author_demo/test_system/sc/sc-20.md +++ b/ssp_author_demo/test_system/sc/sc-20.md @@ -1,7 +1,7 @@ --- sort-id: sc-20 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-20 - \[System and Communications Protection\] Secure Name/address Resolution Service (authoritative Source) @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Provide the means to indicate the security status of child zones and (if the child supports secure resolution services) to enable verification of a chain of trust among parent and child domains, when operating as part of a distributed, hierarchical namespace. -## Control Control Guidance +## Control Guidance Providing authoritative source information enables external clients, including remote Internet clients, to obtain origin authentication and integrity verification assurances for the host/service name to network address resolution information obtained through the service. Systems that provide name and address resolution services include domain name system (DNS) servers. Additional artifacts include DNS Security Extensions (DNSSEC) digital signatures and cryptographic keys. Authoritative data includes DNS resource records. The means for indicating the security status of child zones include the use of delegation signer resource records in the DNS. Systems that use technologies other than the DNS to map between host and service names and network addresses provide other means to assure the authenticity and integrity of response data. diff --git a/ssp_author_demo/test_system/sc/sc-21.md b/ssp_author_demo/test_system/sc/sc-21.md index 676e601..9e8450c 100644 --- a/ssp_author_demo/test_system/sc/sc-21.md +++ b/ssp_author_demo/test_system/sc/sc-21.md @@ -1,7 +1,7 @@ --- sort-id: sc-21 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-21 - \[System and Communications Protection\] Secure Name/address Resolution Service (recursive or Caching Resolver) @@ -10,7 +10,7 @@ x-trestle-sections: Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources. -## Control Control Guidance +## Control Guidance Each client of name resolution services either performs this validation on its own or has authenticated channels to trusted validation providers. Systems that provide name and address resolution services for local clients include recursive resolving or caching domain name system (DNS) servers. DNS client resolvers either perform validation of DNSSEC signatures, or clients use authenticated channels to recursive resolvers that perform such validations. Systems that use technologies other than the DNS to map between host and service names and network addresses provide some other means to enable clients to verify the authenticity and integrity of response data. diff --git a/ssp_author_demo/test_system/sc/sc-22.md b/ssp_author_demo/test_system/sc/sc-22.md index ded6a6a..49eff7b 100644 --- a/ssp_author_demo/test_system/sc/sc-22.md +++ b/ssp_author_demo/test_system/sc/sc-22.md @@ -1,7 +1,7 @@ --- sort-id: sc-22 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-22 - \[System and Communications Protection\] Architecture and Provisioning for Name/address Resolution Service @@ -10,7 +10,7 @@ x-trestle-sections: Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation. -## Control Control Guidance +## Control Guidance Systems that provide name and address resolution services include domain name system (DNS) servers. To eliminate single points of failure in systems and enhance redundancy, organizations employ at least two authoritative domain name system servers—one configured as the primary server and the other configured as the secondary server. Additionally, organizations typically deploy the servers in two geographically separated network subnetworks (i.e., not located in the same physical facility). For role separation, DNS servers with internal roles only process name and address resolution requests from within organizations (i.e., from internal clients). DNS servers with external roles only process name and address resolution information requests from clients external to organizations (i.e., on external networks, including the Internet). Organizations specify clients that can access authoritative DNS servers in certain roles (e.g., by address ranges and explicit lists). diff --git a/ssp_author_demo/test_system/sc/sc-39.md b/ssp_author_demo/test_system/sc/sc-39.md index 0c3d644..15c5b82 100644 --- a/ssp_author_demo/test_system/sc/sc-39.md +++ b/ssp_author_demo/test_system/sc/sc-39.md @@ -1,7 +1,7 @@ --- sort-id: sc-39 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-39 - \[System and Communications Protection\] Process Isolation @@ -10,7 +10,7 @@ x-trestle-sections: Maintain a separate execution domain for each executing system process. -## Control Control Guidance +## Control Guidance Systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. Process isolation technologies, including sandboxing or virtualization, logically separate software and firmware from other software, firmware, and data. Process isolation helps limit the access of potentially untrusted software to other system resources. The capability to maintain separate execution domains is available in commercial operating systems that employ multi-state processor technologies. diff --git a/ssp_author_demo/test_system/sc/sc-5.md b/ssp_author_demo/test_system/sc/sc-5.md index a522147..0ba02d8 100644 --- a/ssp_author_demo/test_system/sc/sc-5.md +++ b/ssp_author_demo/test_system/sc/sc-5.md @@ -1,7 +1,7 @@ --- sort-id: sc-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-5 - \[System and Communications Protection\] Denial-of-service Protection @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Employ the following controls to achieve the denial-of-service objective: organization-defined controls by type of denial-of-service event. -## Control Control Guidance +## Control Guidance Denial-of-service events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth. Such attacks can occur across a wide range of network protocols (e.g., IPv4, IPv6). A variety of technologies are available to limit or eliminate the origination and effects of denial-of-service events. For example, boundary protection devices can filter certain types of packets to protect system components on internal networks from being directly affected by or the source of denial-of-service attacks. Employing increased network capacity and bandwidth combined with service redundancy also reduces the susceptibility to denial-of-service events. diff --git a/ssp_author_demo/test_system/sc/sc-7.md b/ssp_author_demo/test_system/sc/sc-7.md index 30d4eac..474b13b 100644 --- a/ssp_author_demo/test_system/sc/sc-7.md +++ b/ssp_author_demo/test_system/sc/sc-7.md @@ -1,7 +1,7 @@ --- sort-id: sc-07 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sc-7 - \[System and Communications Protection\] Boundary Protection @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture. -## Control Control Guidance +## Control Guidance Managed interfaces include gateways, routers, firewalls, guards, network-based malicious code analysis, virtualization systems, or encrypted tunnels implemented within a security architecture. Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones or DMZs. Restricting or prohibiting interfaces within organizational systems includes restricting external web traffic to designated web servers within managed interfaces, prohibiting external traffic that appears to be spoofing internal addresses, and prohibiting internal traffic that appears to be spoofing external addresses. [SP 800-189](#f5edfe51-d1f2-422e-9b27-5d0e90b49c72) provides additional information on source address validation techniques to prevent ingress and egress of traffic with spoofed addresses. Commercial telecommunications services are provided by network components and consolidated management systems shared by customers. These services may also include third party-provided access lines and other service elements. Such services may represent sources of increased risk despite contract security provisions. Boundary protection may be implemented as a common control for all or part of an organizational network such that the boundary to be protected is greater than a system-specific boundary (i.e., an authorization boundary). diff --git a/ssp_author_demo/test_system/si/si-1.md b/ssp_author_demo/test_system/si/si-1.md index 48517ec..d8fb9bd 100644 --- a/ssp_author_demo/test_system/si/si-1.md +++ b/ssp_author_demo/test_system/si/si-1.md @@ -1,7 +1,7 @@ --- sort-id: si-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # si-1 - \[System and Information Integrity\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance System and information integrity policy and procedures address the controls in the SI family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of system and information integrity policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to system and information integrity policy and procedures include assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/si/si-12.md b/ssp_author_demo/test_system/si/si-12.md index 84dc655..9eb72c0 100644 --- a/ssp_author_demo/test_system/si/si-12.md +++ b/ssp_author_demo/test_system/si/si-12.md @@ -1,7 +1,7 @@ --- sort-id: si-12 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # si-12 - \[System and Information Integrity\] Information Management and Retention @@ -10,7 +10,7 @@ x-trestle-sections: Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements. -## Control Control Guidance +## Control Guidance Information management and retention requirements cover the full life cycle of information, in some cases extending beyond system disposal. Information to be retained may also include policies, procedures, plans, reports, data output from control implementation, and other types of administrative information. The National Archives and Records Administration (NARA) provides federal policy and guidance on records retention and schedules. If organizations have a records management office, consider coordinating with records management personnel. Records produced from the output of implemented controls that may require management and retention include, but are not limited to: All XX-1, [AC-6(9)](#ac-6.9), [AT-4](#at-4), [AU-12](#au-12), [CA-2](#ca-2), [CA-3](#ca-3), [CA-5](#ca-5), [CA-6](#ca-6), [CA-7](#ca-7), [CA-8](#ca-8), [CA-9](#ca-9), [CM-2](#cm-2), [CM-3](#cm-3), [CM-4](#cm-4), [CM-6](#cm-6), [CM-8](#cm-8), [CM-9](#cm-9), [CM-12](#cm-12), [CM-13](#cm-13), [CP-2](#cp-2), [IR-6](#ir-6), [IR-8](#ir-8), [MA-2](#ma-2), [MA-4](#ma-4), [PE-2](#pe-2), [PE-8](#pe-8), [PE-16](#pe-16), [PE-17](#pe-17), [PL-2](#pl-2), [PL-4](#pl-4), [PL-7](#pl-7), [PL-8](#pl-8), [PM-5](#pm-5), [PM-8](#pm-8), [PM-9](#pm-9), [PM-18](#pm-18), [PM-21](#pm-21), [PM-27](#pm-27), [PM-28](#pm-28), [PM-30](#pm-30), [PM-31](#pm-31), [PS-2](#ps-2), [PS-6](#ps-6), [PS-7](#ps-7), [PT-2](#pt-2), [PT-3](#pt-3), [PT-7](#pt-7), [RA-2](#ra-2), [RA-3](#ra-3), [RA-5](#ra-5), [RA-8](#ra-8), [SA-4](#sa-4), [SA-5](#sa-5), [SA-8](#sa-8), [SA-10](#sa-10), [SI-4](#si-4), [SR-2](#sr-2), [SR-4](#sr-4), [SR-8](#sr-8). diff --git a/ssp_author_demo/test_system/si/si-2.md b/ssp_author_demo/test_system/si/si-2.md index 1a2f06c..7358553 100644 --- a/ssp_author_demo/test_system/si/si-2.md +++ b/ssp_author_demo/test_system/si/si-2.md @@ -1,7 +1,7 @@ --- sort-id: si-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # si-2 - \[System and Information Integrity\] Flaw Remediation @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Incorporate flaw remediation into the organizational configuration management process. -## Control Control Guidance +## Control Guidance The need to remediate system flaws applies to all types of software and firmware. Organizations identify systems affected by software flaws, including potential vulnerabilities resulting from those flaws, and report this information to designated organizational personnel with information security and privacy responsibilities. Security-relevant updates include patches, service packs, and malicious code signatures. Organizations also address flaws discovered during assessments, continuous monitoring, incident response activities, and system error handling. By incorporating flaw remediation into configuration management processes, required remediation actions can be tracked and verified. diff --git a/ssp_author_demo/test_system/si/si-3.md b/ssp_author_demo/test_system/si/si-3.md index 54367dc..04076f2 100644 --- a/ssp_author_demo/test_system/si/si-3.md +++ b/ssp_author_demo/test_system/si/si-3.md @@ -1,7 +1,7 @@ --- sort-id: si-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # si-3 - \[System and Information Integrity\] Malicious Code Protection @@ -19,7 +19,7 @@ x-trestle-sections: - \[d.\] Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system. -## Control Control Guidance +## Control Guidance System entry and exit points include firewalls, remote access servers, workstations, electronic mail servers, web servers, proxy servers, notebook computers, and mobile devices. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can also be encoded in various formats contained within compressed or hidden files or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways, including by electronic mail, the world-wide web, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. diff --git a/ssp_author_demo/test_system/si/si-4.md b/ssp_author_demo/test_system/si/si-4.md index 5a49098..199f242 100644 --- a/ssp_author_demo/test_system/si/si-4.md +++ b/ssp_author_demo/test_system/si/si-4.md @@ -1,7 +1,7 @@ --- sort-id: si-04 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # si-4 - \[System and Information Integrity\] System Monitoring @@ -28,7 +28,7 @@ x-trestle-sections: - \[g.\] Provide organization-defined system monitoring information to organization-defined personnel or roles as needed; {{ insert: param, si-4_prm_6 }} . -## Control Control Guidance +## Control Guidance System monitoring includes external and internal monitoring. External monitoring includes the observation of events occurring at external interfaces to the system. Internal monitoring includes the observation of events occurring within the system. Organizations monitor systems by observing audit activities in real time or by observing other system aspects such as access patterns, characteristics of access, and other actions. The monitoring objectives guide and inform the determination of the events. System monitoring capabilities are achieved through a variety of tools and techniques, including intrusion detection and prevention systems, malicious code protection software, scanning tools, audit record monitoring software, and network monitoring software. diff --git a/ssp_author_demo/test_system/si/si-5.md b/ssp_author_demo/test_system/si/si-5.md index 5953e42..29b507b 100644 --- a/ssp_author_demo/test_system/si/si-5.md +++ b/ssp_author_demo/test_system/si/si-5.md @@ -1,7 +1,7 @@ --- sort-id: si-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # si-5 - \[System and Information Integrity\] Security Alerts, Advisories, and Directives @@ -16,7 +16,7 @@ x-trestle-sections: - \[d.\] Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance. -## Control Control Guidance +## Control Guidance The Cybersecurity and Infrastructure Security Agency (CISA) generates security alerts and advisories to maintain situational awareness throughout the Federal Government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance with security directives is essential due to the critical nature of many of these directives and the potential (immediate) adverse effects on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner. External organizations include supply chain partners, external mission or business partners, external service providers, and other peer or supporting organizations. diff --git a/ssp_author_demo/test_system/sr/sr-1.md b/ssp_author_demo/test_system/sr/sr-1.md index f492109..7d26ebf 100644 --- a/ssp_author_demo/test_system/sr/sr-1.md +++ b/ssp_author_demo/test_system/sr/sr-1.md @@ -1,7 +1,7 @@ --- sort-id: sr-01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-1 - \[Supply Chain Risk Management\] Policy and Procedures @@ -24,7 +24,7 @@ x-trestle-sections: - \[1.\] Policy organization-defined frequency and following organization-defined events; and - \[2.\] Procedures organization-defined frequency and following organization-defined events. -## Control Control Guidance +## Control Guidance Supply chain risk management policy and procedures address the controls in the SR family as well as supply chain-related controls in other families that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures. Policies and procedures contribute to security and privacy assurance. Therefore, it is important that security and privacy programs collaborate on the development of supply chain risk management policy and procedures. Security and privacy program policies and procedures at the organization level are preferable, in general, and may obviate the need for mission- or system-specific policies and procedures. The policy can be included as part of the general security and privacy policy or be represented by multiple policies that reflect the complex nature of organizations. Procedures can be established for security and privacy programs, for mission or business processes, and for systems, if needed. Procedures describe how the policies or controls are implemented and can be directed at the individual or role that is the object of the procedure. Procedures can be documented in system security and privacy plans or in one or more separate documents. Events that may precipitate an update to supply chain risk management policy and procedures include assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Simply restating controls does not constitute an organizational policy or procedure. diff --git a/ssp_author_demo/test_system/sr/sr-10.md b/ssp_author_demo/test_system/sr/sr-10.md index 2e1c168..230760f 100644 --- a/ssp_author_demo/test_system/sr/sr-10.md +++ b/ssp_author_demo/test_system/sr/sr-10.md @@ -1,7 +1,7 @@ --- sort-id: sr-10 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-10 - \[Supply Chain Risk Management\] Inspection of Systems or Components @@ -10,7 +10,7 @@ x-trestle-sections: Inspect the following systems or system components at random; at {{ insert: param, sr-10_prm_2 }}, upon {{ insert: param, sr-10_prm_3 }} to detect tampering: organization-defined systems or system components. -## Control Control Guidance +## Control Guidance The inspection of systems or systems components for tamper resistance and detection addresses physical and logical tampering and is applied to systems and system components removed from organization-controlled areas. Indications of a need for inspection include changes in packaging, specifications, factory location, or entity in which the part is purchased, and when individuals return from travel to high-risk locations. diff --git a/ssp_author_demo/test_system/sr/sr-11.1.md b/ssp_author_demo/test_system/sr/sr-11.1.md index d1cac2d..cde5693 100644 --- a/ssp_author_demo/test_system/sr/sr-11.1.md +++ b/ssp_author_demo/test_system/sr/sr-11.1.md @@ -1,7 +1,7 @@ --- sort-id: sr-11.01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-11.1 - \[Supply Chain Risk Management\] Anti-counterfeit Training @@ -10,7 +10,7 @@ x-trestle-sections: Train organization-defined personnel or roles to detect counterfeit system components (including hardware, software, and firmware). -## Control Control Guidance +## Control Guidance None. diff --git a/ssp_author_demo/test_system/sr/sr-11.2.md b/ssp_author_demo/test_system/sr/sr-11.2.md index 401962e..4073210 100644 --- a/ssp_author_demo/test_system/sr/sr-11.2.md +++ b/ssp_author_demo/test_system/sr/sr-11.2.md @@ -1,7 +1,7 @@ --- sort-id: sr-11.02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-11.2 - \[Supply Chain Risk Management\] Configuration Control for Component Service and Repair @@ -10,7 +10,7 @@ x-trestle-sections: Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: organization-defined system components. -## Control Control Guidance +## Control Guidance None. diff --git a/ssp_author_demo/test_system/sr/sr-11.md b/ssp_author_demo/test_system/sr/sr-11.md index 288df57..6375b1a 100644 --- a/ssp_author_demo/test_system/sr/sr-11.md +++ b/ssp_author_demo/test_system/sr/sr-11.md @@ -1,7 +1,7 @@ --- sort-id: sr-11 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-11 - \[Supply Chain Risk Management\] Component Authenticity @@ -12,7 +12,7 @@ x-trestle-sections: - \[b.\] Report counterfeit system components to source of counterfeit component; {{ insert: param, sr-11_prm_2 }} ; {{ insert: param, sr-11_prm_3 }} . -## Control Control Guidance +## Control Guidance Sources of counterfeit components include manufacturers, developers, vendors, and contractors. Anti-counterfeiting policies and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include CISA. diff --git a/ssp_author_demo/test_system/sr/sr-12.md b/ssp_author_demo/test_system/sr/sr-12.md index 2a335cc..14e4fa5 100644 --- a/ssp_author_demo/test_system/sr/sr-12.md +++ b/ssp_author_demo/test_system/sr/sr-12.md @@ -1,7 +1,7 @@ --- sort-id: sr-12 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-12 - \[Supply Chain Risk Management\] Component Disposal @@ -10,7 +10,7 @@ x-trestle-sections: Dispose of organization-defined data, documentation, tools, or system components using the following techniques and methods: organization-defined techniques and methods. -## Control Control Guidance +## Control Guidance Data, documentation, tools, or system components can be disposed of at any time during the system development life cycle (not only in the disposal or retirement phase of the life cycle). For example, disposal can occur during research and development, design, prototyping, or operations/maintenance and include methods such as disk cleaning, removal of cryptographic keys, partial reuse of components. Opportunities for compromise during disposal affect physical and logical data, including system documentation in paper-based or digital files; shipping and delivery documentation; memory sticks with software code; or complete routers or servers that include permanent media, which contain sensitive or proprietary information. Additionally, proper disposal of system components helps to prevent such components from entering the gray market. diff --git a/ssp_author_demo/test_system/sr/sr-2.1.md b/ssp_author_demo/test_system/sr/sr-2.1.md index ad35c8c..0ceff7a 100644 --- a/ssp_author_demo/test_system/sr/sr-2.1.md +++ b/ssp_author_demo/test_system/sr/sr-2.1.md @@ -1,7 +1,7 @@ --- sort-id: sr-02.01 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-2.1 - \[Supply Chain Risk Management\] Establish Scrm Team @@ -10,7 +10,7 @@ x-trestle-sections: Establish a supply chain risk management team consisting of organization-defined personnel, roles, and responsibilities to lead and support the following SCRM activities: organization-defined supply chain risk management activities. -## Control Control Guidance +## Control Guidance To implement supply chain risk management plans, organizations establish a coordinated, team-based approach to identify and assess supply chain risks and manage these risks by using programmatic and technical mitigation techniques. The team approach enables organizations to conduct an analysis of their supply chain, communicate with internal and external partners or stakeholders, and gain broad consensus regarding the appropriate resources for SCRM. The SCRM team consists of organizational personnel with diverse roles and responsibilities for leading and supporting SCRM activities, including risk executive, information technology, contracting, information security, privacy, mission or business, legal, supply chain and logistics, acquisition, business continuity, and other relevant functions. Members of the SCRM team are involved in various aspects of the SDLC and, collectively, have an awareness of and provide expertise in acquisition processes, legal practices, vulnerabilities, threats, and attack vectors, as well as an understanding of the technical aspects and dependencies of systems. The SCRM team can be an extension of the security and privacy risk management processes or be included as part of an organizational risk management team. diff --git a/ssp_author_demo/test_system/sr/sr-2.md b/ssp_author_demo/test_system/sr/sr-2.md index a6cb608..31ad041 100644 --- a/ssp_author_demo/test_system/sr/sr-2.md +++ b/ssp_author_demo/test_system/sr/sr-2.md @@ -1,7 +1,7 @@ --- sort-id: sr-02 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-2 - \[Supply Chain Risk Management\] Supply Chain Risk Management Plan @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Protect the supply chain risk management plan from unauthorized disclosure and modification. -## Control Control Guidance +## Control Guidance The dependence on products, systems, and services from external providers, as well as the nature of the relationships with those providers, present an increasing level of risk to an organization. Threat actions that may increase security or privacy risks include unauthorized production, the insertion or use of counterfeits, tampering, theft, insertion of malicious software and hardware, and poor manufacturing and development practices in the supply chain. Supply chain risks can be endemic or systemic within a system element or component, a system, an organization, a sector, or the Nation. Managing supply chain risk is a complex, multifaceted undertaking that requires a coordinated effort across an organization to build trust relationships and communicate with internal and external stakeholders. Supply chain risk management (SCRM) activities include identifying and assessing risks, determining appropriate risk response actions, developing SCRM plans to document response actions, and monitoring performance against plans. The SCRM plan (at the system-level) is implementation specific, providing policy implementation, requirements, constraints and implications. It can either be stand-alone, or incorporated into system security and privacy plans. The SCRM plan addresses managing, implementation, and monitoring of SCRM controls and the development/sustainment of systems across the SDLC to support mission and business functions. diff --git a/ssp_author_demo/test_system/sr/sr-3.md b/ssp_author_demo/test_system/sr/sr-3.md index 6436e80..04d1e03 100644 --- a/ssp_author_demo/test_system/sr/sr-3.md +++ b/ssp_author_demo/test_system/sr/sr-3.md @@ -1,7 +1,7 @@ --- sort-id: sr-03 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-3 - \[Supply Chain Risk Management\] Supply Chain Controls and Processes @@ -14,7 +14,7 @@ x-trestle-sections: - \[c.\] Document the selected and implemented supply chain processes and controls in security and privacy plans; supply chain risk management plan; {{ insert: param, sr-3_prm_5 }} . -## Control Control Guidance +## Control Guidance Supply chain elements include organizations, entities, or tools employed for the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of systems and system components. Supply chain processes include hardware, software, and firmware development processes; shipping and handling procedures; personnel security and physical security programs; configuration management tools, techniques, and measures to maintain provenance; or other programs, processes, or procedures associated with the development, acquisition, maintenance and disposal of systems and system components. Supply chain elements and processes may be provided by organizations, system integrators, or external providers. Weaknesses or deficiencies in supply chain elements or processes represent potential vulnerabilities that can be exploited by adversaries to cause harm to the organization and affect its ability to carry out its core missions or business functions. Supply chain personnel are individuals with roles and responsibilities in the supply chain. diff --git a/ssp_author_demo/test_system/sr/sr-5.md b/ssp_author_demo/test_system/sr/sr-5.md index 61f1a51..b496de4 100644 --- a/ssp_author_demo/test_system/sr/sr-5.md +++ b/ssp_author_demo/test_system/sr/sr-5.md @@ -1,7 +1,7 @@ --- sort-id: sr-05 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-5 - \[Supply Chain Risk Management\] Acquisition Strategies, Tools, and Methods @@ -10,7 +10,7 @@ x-trestle-sections: Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: organization-defined acquisition strategies, contract tools, and procurement methods. -## Control Control Guidance +## Control Guidance The use of the acquisition process provides an important vehicle to protect the supply chain. There are many useful tools and techniques available, including obscuring the end use of a system or system component, using blind or filtered buys, requiring tamper-evident packaging, or using trusted or controlled distribution. The results from a supply chain risk assessment can guide and inform the strategies, tools, and methods that are most applicable to the situation. Tools and techniques may provide protections against unauthorized production, theft, tampering, insertion of counterfeits, insertion of malicious software or backdoors, and poor development practices throughout the system development life cycle. Organizations also consider providing incentives for suppliers who implement controls, promote transparency into their processes and security and privacy practices, provide contract language that addresses the prohibition of tainted or counterfeit components, and restrict purchases from untrustworthy suppliers. Organizations consider providing training, education, and awareness programs for personnel regarding supply chain risk, available mitigation strategies, and when the programs should be employed. Methods for reviewing and protecting development plans, documentation, and evidence are commensurate with the security and privacy requirements of the organization. Contracts may specify documentation protection requirements. diff --git a/ssp_author_demo/test_system/sr/sr-8.md b/ssp_author_demo/test_system/sr/sr-8.md index 73ef170..877c006 100644 --- a/ssp_author_demo/test_system/sr/sr-8.md +++ b/ssp_author_demo/test_system/sr/sr-8.md @@ -1,7 +1,7 @@ --- sort-id: sr-08 x-trestle-sections: - guidance: Control Guidance + guidance: Guidance --- # sr-8 - \[Supply Chain Risk Management\] Notification Agreements @@ -10,7 +10,7 @@ x-trestle-sections: Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the notification of supply chain compromises; results of assessments or audits; {{ insert: param, sr-8_prm_2 }} . -## Control Control Guidance +## Control Guidance The establishment of agreements and procedures facilitates communications among supply chain entities. Early notification of compromises and potential compromises in the supply chain that can potentially adversely affect or have adversely affected organizational systems or system components is essential for organizations to effectively respond to such incidents. The results of assessments or audits may include open-source information that contributed to a decision or result and could be used to help the supply chain entity resolve a concern or improve its processes.