diff --git a/trestle_task_osco_to_oscal/README.md b/trestle_task_osco_result_to_oscal_ar/README.md similarity index 86% rename from trestle_task_osco_to_oscal/README.md rename to trestle_task_osco_result_to_oscal_ar/README.md index 68451da..dd30b86 100644 --- a/trestle_task_osco_to_oscal/README.md +++ b/trestle_task_osco_result_to_oscal_ar/README.md @@ -1,4 +1,4 @@ -# compliance-trestle-task-osco-to-oscal-demo +# compliance-trestle-task-osco-result-to-oscal-ar-demo Simple example of using trestle to facilitate transforming OSCO results to OSCAL (partial) results. @@ -27,15 +27,15 @@ Running the demo ``` > cd -> cd git/compliance-trestle-demos/trestle_task_osco_to_oscal +> cd git/compliance-trestle-demos/trestle_task_osco_result_to_oscal_ar > trestle init -> trestle task osco-to-oscal -c ./demo-osco-to-oscal.config +> trestle task osco-result-to-oscal-ar -c ./demo-osco-result-to-oscal-ar.config output: osco/runtime/ssg-ocp4-ds-cis-111.222.333.444-pod.oscal.json inventory: 1 observations: 125 results: {} -Task: osco-to-oscal executed successfully. +Task: osco-result-to-oscal-ar executed successfully. ``` Viewing the result diff --git a/trestle_task_osco_to_oscal/demo-osco-to-oscal.config b/trestle_task_osco_result_to_oscal_ar/demo-osco-result-to-oscal-ar.config similarity index 70% rename from trestle_task_osco_to_oscal/demo-osco-to-oscal.config rename to trestle_task_osco_result_to_oscal_ar/demo-osco-result-to-oscal-ar.config index 2223b72..7399662 100644 --- a/trestle_task_osco_to_oscal/demo-osco-to-oscal.config +++ b/trestle_task_osco_result_to_oscal_ar/demo-osco-result-to-oscal-ar.config @@ -1,4 +1,4 @@ -[task.osco-to-oscal] +[task.osco-result-to-oscal-ar] input-dir = osco/input output-dir = osco/runtime 
diff --git a/trestle_task_osco_to_oscal/osco/input/ssg-ocp4-ds-cis-111.222.333.444-pod.yaml b/trestle_task_osco_result_to_oscal_ar/osco/input/ssg-ocp4-ds-cis-111.222.333.444-pod.yaml similarity index 100% rename from trestle_task_osco_to_oscal/osco/input/ssg-ocp4-ds-cis-111.222.333.444-pod.yaml rename to trestle_task_osco_result_to_oscal_ar/osco/input/ssg-ocp4-ds-cis-111.222.333.444-pod.yaml diff --git a/trestle_task_spread_sheet_to_component_definition/README.md b/trestle_task_spread_sheet_to_component_definition/README.md index 2b21900..01eb2b0 100644 --- a/trestle_task_spread_sheet_to_component_definition/README.md +++ b/trestle_task_spread_sheet_to_component_definition/README.md @@ -23,7 +23,7 @@ Running the demo > cd > cd git/compliance-trestle-demos/trestle_task_spread_sheet_to_component_definition - > trestle task xlsx-to-oscal-component-definition -c ./demo-xlsx-to-component-definition.config + > trestle task xlsx-to-oscal-cd -c ./demo-xlsx-to-cd.config catalog: trestle-workspace/catalogs/nist-sp-800-53-rev4/catalog.json input: demo.xlsx @@ -39,7 +39,7 @@ Running the demo rows missing parameters: [2, 7, 8] rows missing parameters values: [5] output: trestle-workspace/catalogs/catalog.json - Task: xlsx-to-oscal-component-definition executed successfully. + Task: xlsx-to-oscal-cd executed successfully. Viewing the result diff --git a/trestle_task_spread_sheet_to_component_definition/demo-xlsx-to-component-definition.config b/trestle_task_spread_sheet_to_component_definition/demo-xlsx-to-component-definition.config index b40acd9..ab6dcc4 100644 --- a/trestle_task_spread_sheet_to_component_definition/demo-xlsx-to-component-definition.config +++ b/trestle_task_spread_sheet_to_component_definition/demo-xlsx-to-component-definition.config @@ -1,4 +1,4 @@ -[task.xlsx-to-oscal-component-definition] +[task.xlsx-to-oscal-cd] catalog-file = trestle-workspace/catalogs/nist-sp-800-53-rev4/catalog.json spread-sheet-file = demo.xlsx 
diff --git a/trestle_task_spread_sheet_to_component_definition/trestle-workspace/catalogs/catalog.json b/trestle_task_spread_sheet_to_component_definition/trestle-workspace/catalogs/catalog.json deleted file mode 100644 index 5472f5b..0000000 --- a/trestle_task_spread_sheet_to_component_definition/trestle-workspace/catalogs/catalog.json +++ /dev/null 
@@ -1,121 +0,0 @@ -{ - "catalog": { - "uuid": "e5a4f808-ff84-4379-9f89-bfa4a6fc0f09", - "metadata": { - "title": "Component Parameters", - "last-modified": "2021-07-28T13:22:19.000+00:00", - "version": "0.20.0", - "oscal-version": "1.0.0" - }, - "params": [ - { - "id": "no_of_admins_for_cloudant_db", - "links": [ - { - "href": "http://ibm.github.io/compliance-trestle/schemas/oscal/cd/ibm-cloud/CLOUDANT" - } - ], - "label": "Maximum no of Cloudant DB user administrators", - "usage": "Ensure Cloudant has no more than # users with the IAM administrator role", - "guidelines": [ - { - "prose": "The first listed value option is set by default in the system unless set-parameter is used to satisfy a control requirements. Type Integer." - } - ], - "values": [ - "3" - ] - }, - { - "id": "no_of_service_id_admins_for_cloudant_db", - "links": [ - { - "href": "http://ibm.github.io/compliance-trestle/schemas/oscal/cd/ibm-cloud/CLOUDANT" - } - ], - "label": "Maximum no of Cloudant DB Service IDs administrators", - "usage": "Ensure Cloudant has no more than # service IDs with the IAM administrator role", - "guidelines": [ - { - "prose": "The first listed value option is set by default in the system unless set-parameter is used to satisfy a control requirements. Type Integer." - } - ], - "values": [ - "3" - ] - }, - { - "id": "cis_tls_versions", - "links": [ - { - "href": "http://ibm.github.io/compliance-trestle/schemas/oscal/cd/ibm-cloud/CIS" - } - ], - "label": "tlsVersion", - "usage": "Ensure Cloud Internet Services (CIS) has TLS v1.2 set for all inbound traffic", - "guidelines": [ - { - "prose": "The first listed value option is set by default in the system unless set-parameter is used to satisfy a control requirements. Type String." 
- } - ], - "values": [ - "None" - ] - }, - { - "id": "iks_ingress_tls_versions", - "links": [ - { - "href": "http://ibm.github.io/compliance-trestle/schemas/oscal/cd/ibm-cloud/IKS%20" - } - ], - "label": "tlsVersion", - "usage": "Ensure Kubernetes Service Ingress is configured only with TLS v1.2 for all inbound traffic", - "guidelines": [ - { - "prose": "The first listed value option is set by default in the system unless set-parameter is used to satisfy a control requirements. Type Float." - } - ], - "values": [ - "1.2,1.3" - ] - }, - { - "id": "source_code_scaning_vulnerability_threashhold", - "links": [ - { - "href": "http://ibm.github.io/compliance-trestle/schemas/oscal/cd/ibm-cloud/TOOLCHAIN" - } - ], - "label": "Source code scaning vulnerability threashhold", - "usage": "Ensure Continuous Delivery toolchain continuously scans source code to identify vulnerabilities above the # threshold.", - "guidelines": [ - { - "prose": "The first listed value option is set by default in the system unless set-parameter is used to satisfy a control requirements. Type String." - } - ], - "values": [ - "low,medium,high,critical" - ] - }, - { - "id": "source_code_scaning_vulnerability_threashhold", - "links": [ - { - "href": "http://ibm.github.io/compliance-trestle/schemas/oscal/cd/ibm-cloud/TOOLCHAIN" - } - ], - "label": "Source code scaning vulnerability threashhold", - "usage": "Nonsense", - "guidelines": [ - { - "prose": "The first listed value option is set by default in the system unless set-parameter is used to satisfy a control requirements. Type String." - } - ], - "values": [ - "low,medium,high,critical" - ] - } - ] - } -} \ No newline at end of file diff --git a/trestle_task_spread_sheet_to_component_definition/trestle-workspace/component-definitions/component-definition.json b/trestle_task_spread_sheet_to_component_definition/trestle-workspace/component-definitions/component-definition.json index d858e4d..3650a15 100644 
--- a/trestle_task_spread_sheet_to_component_definition/trestle-workspace/component-definitions/component-definition.json +++ b/trestle_task_spread_sheet_to_component_definition/trestle-workspace/component-definitions/component-definition.json @@ -1,10 +1,10 @@ { "component-definition": { - "uuid": "75c68a4b-9395-470d-9653-0ae99c93f558", + "uuid": "2fa6bb7a-6f14-4819-99cf-cc905056bd79", "metadata": { "title": "Component definition for NIST Special Publication 800-53 Revision 4 profiles", - "last-modified": "2021-07-28T13:22:19.000+00:00", - "version": "0.20.0", + "last-modified": "2022-03-23T15:52:35+00:00", + "version": "0.35.0", "oscal-version": "1.0.0", "roles": [ { @@ -22,19 +22,19 @@ ], "parties": [ { - "uuid": "38cada78-a368-4cc1-8771-66f1f8ccd5ad", + "uuid": "96ce0583-4030-437d-9ceb-d7472aafc75e", "type": "organization", "name": "International Business Machines", "remarks": "IBM" }, { - "uuid": "a733c127-9ebb-46cf-9721-00b5f5497dfa", + "uuid": "a6391df5-29ca-4208-ba6a-33066e224014", "type": "organization", "name": "Customer", "remarks": "organization to be customized at account creation only for their Component Definition" }, { - "uuid": "eaff49fd-268f-4111-a47a-7c76c0e78215", + "uuid": "d9e832b3-7845-4186-9ed0-4dcddbe749c6", "type": "organization", "name": "ISV", "remarks": "organization to be customized at ISV subscription only for their Component Definition" 
@@ -44,38 +44,38 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, "components": [ { - "uuid": "cbbc3510-bd0f-413b-8059-8bc45c1f1648", + "uuid": "fcc69e96-d4db-4b9d-a59c-82f6f22ec224", "type": "Service", "title": "SYSTEM", "description": "SYSTEM", "control-implementations": [ { - "uuid": "15ae6381-89ff-487c-b1b4-804c26f91d52", + "uuid": "c9e63a1d-8fa1-4a54-83ed-c45d401419f3", "source": "https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", "description": "SYSTEM implemented controls for NIST Special Publication 800-53 Revision 4. It includes assessment asset configuration for CICD.\"", "implemented-requirements": [ { - "uuid": "1c5a0e52-ef81-48fe-9158-24b8b2c3d4c7", + "uuid": "a98a5442-0eac-43e1-9718-1d9af58dbf82", "control-id": "cm-2", "description": "cm-2", "props": [ @@ -98,20 +98,20 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] 
@@ -121,18 +121,28 @@ ] }, { - "uuid": "993fd731-66c4-40b2-bb4b-fbfda070c08e", + "uuid": "503088e9-ec4b-4261-a61f-3c5406e7c1a1", "type": "Service", "title": "CLOUDANT", "description": "CLOUDANT", "control-implementations": [ { - "uuid": "e10807d1-2531-47be-b574-6815f2100968", + "uuid": "03d38dc3-811b-426d-827b-1d4c3b34cfb6", "source": "https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", "description": "CLOUDANT implemented controls for NIST Special Publication 800-53 Revision 4. It includes assessment asset configuration for CICD.\"", + "set-parameters": [ + [ + { + "param-id": "no_of_admins_for_cloudant_db", + "values": [ + "3" + ] + } + ] + ], "implemented-requirements": [ { - "uuid": "740185ed-a9e4-48ba-9e7f-f2fcab147a1e", + "uuid": "2bac21f7-da00-4c67-9d33-7571eeb618f2", "control-id": "ac-2", "description": "ac-2", "props": [ @@ -163,26 +173,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "520146cc-a3c6-4baa-b27c-64a55548531a", + "uuid": "2130920c-2570-4de6-84e2-b36eab3edf8f", "control-id": "ac-3", "description": "ac-3", "props": [ 
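Review bot: The added `set-parameters` value wraps its entry in an extra array (`"set-parameters": [ [ { "param-id": ... } ] ]`), whereas the OSCAL component-definition model defines `set-parameters` as a flat array of objects carrying `param-id` and `values`. A schema-validating consumer would be expected to reject the document, and a lenient one may skip the entry, so the administrator limit would silently not be applied during assessment. The shape should be `"set-parameters": [ { "param-id": "no_of_admins_for_cloudant_db", "values": ["3"] } ]`; since this file looks like task output, the fix probably belongs in the generator rather than in the JSON. The same nesting appears in the hunks at -334,12 +344,22, -768,18 +788,28 and -1462,18 +1492,28.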
@@ -213,26 +223,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "73690552-5712-4e86-8645-6475458cbb1f", + "uuid": "4375f83e-52a2-42f3-a567-9f8744e8a62b", "control-id": "ac-5", "description": "ac-5", "props": [ @@ -263,26 +273,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "f319c316-3f3c-439f-a63b-b6a31b557e81", + "uuid": "cbe6d43e-4273-4075-8a71-4ad819efaf56", "control-id": "ac-6", "description": "ac-6", "props": [ @@ -313,20 +323,20 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] 
@@ -334,12 +344,22 @@ ] }, { - "uuid": "17209916-bde1-44a2-890e-77d3f3026ac4", + "uuid": "3fc4719f-c579-4fbf-bb6e-a40954550b9f", "source": "https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", "description": "CLOUDANT implemented controls for NIST Special Publication 800-53 Revision 4. It includes assessment asset configuration for CICD.\"", + "set-parameters": [ + [ + { + "param-id": "no_of_service_id_admins_for_cloudant_db", + "values": [ + "3" + ] + } + ] + ], "implemented-requirements": [ { - "uuid": "fe9137b4-35b2-4469-9328-bdafeb0a4b2a", + "uuid": "a76f3e63-fd88-419f-99f6-6d89eb883c52", "control-id": "ac-2", "description": "ac-2", "props": [ @@ -370,26 +390,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "7b313fb1-424d-4fce-b4b6-365ed852992c", + "uuid": "b25de31e-8e71-45d4-986f-6e59aacb93eb", "control-id": "ac-3", "description": "ac-3", "props": [ 
@@ -420,26 +440,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "57cb4d07-d1a7-41d4-8b7d-6289eb4053f7", + "uuid": "2ffbdac0-2eb3-464d-a129-69d06e994f95", "control-id": "ac-5", "description": "ac-5", "props": [ @@ -470,26 +490,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "6d14c2dc-0fc5-4ae7-8fde-9c746d6ef64b", + "uuid": "47f8f6b9-0278-4e5c-80ba-9a05b9c9e669", "control-id": "ac-6", "description": "ac-6", "props": [ @@ -520,20 +540,20 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] 
@@ -543,18 +563,18 @@ ] }, { - "uuid": "6590f4cc-cf1e-48d0-99b3-bee36b18507b", + "uuid": "8cf0172f-8664-4f7d-9c63-4998fc7da194", "type": "Service", "title": "CIS", "description": "CIS", "control-implementations": [ { - "uuid": "85c03c42-d13f-4595-b6b4-4b0805e93070", + "uuid": "31a63457-5e56-4708-a999-a38338fe06ba", "source": "https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", "description": "CIS implemented controls for NIST Special Publication 800-53 Revision 4. It includes assessment asset configuration for CICD.\"", "implemented-requirements": [ { - "uuid": "23ffbdd2-de43-412a-b600-25b509308495", + "uuid": "71ce974a-cba3-4cdb-a363-3642fffabb42", "control-id": "ac-17.2", "description": "ac-17(2)", "props": [ @@ -577,26 +597,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "ce5bdd8d-cf8d-4b5b-8c7b-6479a451510c", + "uuid": "f177b130-1c5c-45b6-9b03-8f0e7438322e", "control-id": "sc-8", "description": "sc-8", "props": [ 
@@ -619,26 +639,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "12bb2d23-3825-4f55-a7aa-857af7a4bc1b", + "uuid": "52f1ecbb-1cab-4552-9258-13cef084679c", "control-id": "sc-8.1", "description": "sc-8(1)", "props": [ @@ -661,26 +681,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "ff78475f-5ba7-4a32-afec-e508b0e55c16", + "uuid": "6cf33821-6dd9-4a01-a92c-a46be24ca2a0", "control-id": "sc-13", "description": "sc-13", "props": [ 
@@ -703,26 +723,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "3e8b9d82-1afe-41a7-818d-477208528f48", + "uuid": "32ece9fb-bdd6-461d-87ff-27b7a532f27d", "control-id": "sc-23", "description": "sc-23", "props": [ @@ -745,20 +765,20 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] 
@@ -768,18 +788,28 @@ ] }, { - "uuid": "a4df5e5f-16ec-4989-9766-cdd8b17e40a4", + "uuid": "08c053e5-98e7-4299-80aa-4b006874fd3e", "type": "Service", "title": "IKS ", "description": "IKS ", "control-implementations": [ { - "uuid": "5259ced8-40da-4070-9d01-8a98d34f1cf6", + "uuid": "c5ebb655-6c27-402d-ae0b-8c28afcfcb70", "source": "https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", "description": "IKS implemented controls for NIST Special Publication 800-53 Revision 4. It includes assessment asset configuration for CICD.\"", + "set-parameters": [ + [ + { + "param-id": "iks_ingress_tls_versions", + "values": [ + "1.2,1.3" + ] + } + ] + ], "implemented-requirements": [ { - "uuid": "7d38e269-4107-49c0-a9ca-717062356932", + "uuid": "51d05c72-cb85-418c-9fcd-517bee392fe2", "control-id": "ac-17.2", "description": "ac-17(2)", "props": [ @@ -810,26 +840,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "2376ed33-f600-42b7-88f2-e04872680ce2", + "uuid": "5b21ee56-35c5-4867-baf7-09cfe4afe20e", "control-id": "sc-8", "description": "sc-8", "props": [ 
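Review bot: The new `values` entry `"1.2,1.3"` packs two TLS versions into one comma-joined string, so a consumer that compares against an individual value such as `1.2` would not match, and whether the string is a set of permitted versions or a default followed by alternatives is left to guesswork. `values` is already an array, so if these are separate options each should be its own element: `"values": ["1.2", "1.3"]`. It is also worth confirming that 1.3 is meant to be accepted, because the usage text in the catalog.json this commit deletes says Ingress is configured only with TLS v1.2. The TOOLCHAIN hunk at -1462,18 +1492,28 has the same form in `"low,medium,high,critical"`.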
@@ -860,26 +890,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "86570177-c8c6-4760-a758-dc1d259b0772", + "uuid": "5673fe3c-864c-478a-8eb0-f77bd076e9fb", "control-id": "sc-8.1", "description": "sc-8(1)", "props": [ @@ -910,26 +940,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "7e4d90b1-b3d4-4a64-82d4-5ae4043478dc", + "uuid": "6af86594-5496-42c5-be38-bf43db238bf4", "control-id": "sc-13", "description": "sc-13", "props": [ 
@@ -960,26 +990,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "c224f653-a525-4cb1-ba14-484f1062f8d9", + "uuid": "a8a3f701-abe4-4902-80ac-00474c4f80d1", "control-id": "sc-23", "description": "sc-23", "props": [ @@ -1010,20 +1040,20 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] @@ -1033,18 +1063,18 @@ ] }, { - "uuid": "cde1dd1c-ae34-49ac-9ecd-942fad70927b", + "uuid": "08b44cea-ca62-4852-8e06-ae0cd9724232", "type": "Service", "title": "VPC", "description": "VPC", "control-implementations": [ { - "uuid": "3064f2e1-40ef-4626-9a64-30e0534da6c4", + "uuid": "5804972c-ca23-42b7-b5a4-be502a907a7a", "source": "https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", "description": "VPC implemented controls for NIST Special Publication 800-53 Revision 4. It includes assessment asset configuration for CICD.\"", "implemented-requirements": [ { - "uuid": "4e91d5be-eb9a-4194-83b1-746d54ac1162", + "uuid": "ad582d81-225c-4b41-b1e2-4db796d0ea29", "control-id": "ac-4", "description": "ac-4", "props": [ 
@@ -1067,26 +1097,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "33632f3d-ee7d-472a-8433-edfd1a58f9d1", + "uuid": "3719902f-d851-4f1e-9525-65bc8b715b73", "control-id": "cm-2", "description": "cm-2", "props": [ @@ -1109,26 +1139,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "7829dc2b-0b78-4727-997c-bba65abd1edb", + "uuid": "f8de7871-3a57-48a4-bd92-cd38758891a4", "control-id": "sc-7", "description": "sc-7", "props": [ 
@@ -1151,26 +1181,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "785818cc-5132-4571-a8c9-d60b3075e687", + "uuid": "38c7759f-7e79-40cc-8124-6544d3293d83", "control-id": "sc-7.3", "description": "sc-7(3)", "props": [ @@ -1193,20 +1223,20 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] @@ -1216,18 +1246,18 @@ ] }, { - "uuid": "facd71a7-6e02-40fb-85cd-c0e2bec038a4", + "uuid": "a45eb926-3852-4f29-a072-84ed0fc8434a", "type": "Service", "title": "IKS", "description": "IKS", "control-implementations": [ { - "uuid": "4bd18df4-175a-4f45-9ae8-cc360dc54fd2", + "uuid": "198c1df6-b359-4daa-8577-f98129361626", "source": "https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", "description": "IKS implemented controls for NIST Special Publication 800-53 Revision 4. It includes assessment asset configuration for CICD.\"", "implemented-requirements": [ { - "uuid": "1abeb2be-f913-41a2-af89-f27ba6bbb852", + "uuid": "70c6eb9f-9dfd-4ee3-ac76-34a2eb54ecd4", "control-id": "cm-2", "description": "cm-2", "props": [ 
@@ -1250,26 +1280,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "18c88413-b780-4be4-af8a-ac3b1167710f", + "uuid": "b3b340c2-2a95-4b03-86d9-59fd93d44043", "control-id": "cm-7", "description": "cm-7", "props": [ @@ -1292,33 +1322,33 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ], "statements": [ { "statement-id": "cm-7", - "uuid": "6382b371-17e3-4283-88f9-2fbae8cac54a", + "uuid": "d43a837d-f567-4239-a849-cd01c02d3a92", "description": "IKS implements cm-7(a)" } ] }, { - "uuid": "654fb9ef-ce86-452e-98d1-8eb702d9bffb", + "uuid": "482766fa-4929-45a6-ad06-66c14687f456", "control-id": "cm-8.1", "description": "cm-8(1)", "props": [ 
@@ -1341,26 +1371,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "9c5278ce-d61e-437c-be12-004d127c637d", + "uuid": "43c65491-721f-4bda-96dc-6d21ad05d57b", "control-id": "cm-8.3", "description": "cm-8(3)", "props": [ @@ -1383,33 +1413,33 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ], "statements": [ { "statement-id": "cm-8_3", - "uuid": "3b98df0d-b0b0-42f3-a40d-4002d4858df0", + "uuid": "073adee4-11f1-407c-9318-5a81c64c9dff", "description": "IKS implements cm-8(3)(a)" } ] }, { - "uuid": "c7cbd14f-de0c-477a-9afb-364b114658fe", + "uuid": "4bee7361-2f4e-4860-bf2d-8a5250b38288", "control-id": "sa-3", "description": "sa-3", "props": [ 
@@ -1432,27 +1462,27 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ], "statements": [ { "statement-id": "sa-3", - "uuid": "8953427b-d322-4ad4-a6b7-092955b99b8a", + "uuid": "fe05ab25-0191-4fa6-92e4-b78f5e0e8a54", "description": "IKS implements sa-3(a)" } ] @@ -1462,18 +1492,28 @@ ] }, { - "uuid": "2ad1fd24-004b-4f74-adfc-182243a1b7a0", + "uuid": "943f6235-3ae9-4237-97d6-e67d20e46903", "type": "Service", "title": "TOOLCHAIN", "description": "TOOLCHAIN", "control-implementations": [ { - "uuid": "0dd00a72-fa32-4866-8613-c369dff268c5", + "uuid": "6531a82b-5788-455e-a6b4-7b383bc133db", "source": "https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", "description": "TOOLCHAIN implemented controls for NIST Special Publication 800-53 Revision 4. It includes assessment asset configuration for CICD.\"", + "set-parameters": [ + [ + { + "param-id": "source_code_scaning_vulnerability_threashhold", + "values": [ + "low,medium,high,critical" + ] + } + ] + ], "implemented-requirements": [ { - "uuid": "619eff2d-b92a-4451-92ac-da883f918e3f", + "uuid": "6e22190f-d9fd-48a7-896a-ec0be0244659", "control-id": "cm-8.3", "description": "cm-8(3)", "props": [ 
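Review bot: The `set-parameters` value added in the hunk at -1462 is an array wrapped in a second array (`"set-parameters": [ [ { ... } ] ]`), and the hunk at -1689 repeats it. As far as I know the OSCAL component-definition model takes a flat list of objects with `param-id` and `values` here, so a schema validator or downstream consumer will probably reject the document or silently drop the vulnerability-threshold parameter. The threshold is also stored as one comma-joined string, `"low,medium,high,critical"`; if four severities are meant, it should be `"values": ["low", "medium", "high", "critical"]`. The `param-id` spells `scaning` and `threashhold`, so confirm it matches the identifier the assessment tooling looks up. Every UUID in the file changed, so this looks like regenerated task output and the fix probably belongs in the generator rather than in this file.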
@@ -1504,33 +1544,33 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ], "statements": [ { "statement-id": "cm-8_3", - "uuid": "d92fbd9a-13f3-4302-84df-a1902e8c632f", + "uuid": "96d8bf98-04ad-42c6-9f78-24e73e5c518f", "description": "TOOLCHAIN implements cm-8(3)(a)" } ] }, { - "uuid": "990f5e20-efec-44e6-b94c-16e1098a5f76", + "uuid": "d37deb0c-7086-4935-b6e0-9d6342665235", "control-id": "ra-5", "description": "ra-5", "props": [ @@ -1561,33 +1601,33 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ], "statements": [ { "statement-id": "ra-5", - "uuid": "f7e5753b-8a8c-438a-abf8-62778b8a6370", + "uuid": "8fd96762-8a73-40ef-9575-f0544d96a3a3", "description": "TOOLCHAIN implements ra-5(a)" } ] }, { - "uuid": "3467c2f9-3c8a-4def-a986-1206cfc24bf7", + "uuid": "26f35b5f-03f1-4f8e-8838-a64ed6d13dc7", "control-id": "si-2.2", "description": "si-2(2)", "props": [ 
@@ -1618,26 +1658,26 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] }, { - "uuid": "f6f562cd-da1e-40ec-86da-c7b21d7d925e", + "uuid": "256ec821-8091-4e36-829b-00f213b7c576", "control-id": "si-7.1", "description": "si-7(1)", "props": [ @@ -1668,20 +1708,20 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ] @@ -1689,12 +1729,22 @@ ] }, { - "uuid": "68ba53ce-ba46-448b-b2cf-7a3985fbc3e4", + "uuid": "f00603a9-37cf-4ea3-9d48-f7bfae24e01a", "source": "https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json", "description": "TOOLCHAIN implemented controls for NIST Special Publication 800-53 Revision 4. It includes assessment asset configuration for CICD.\"", + "set-parameters": [ + [ + { + "param-id": "source_code_scaning_vulnerability_threashhold", + "values": [ + "low,medium,high,critical" + ] + } + ] + ], "implemented-requirements": [ { - "uuid": "24491dbc-4caf-4133-9f6a-63168f16472b", + "uuid": "e3365d02-4919-45fc-b514-0ed3421126fd", "control-id": "zz-1", "description": "zz-1", "props": [ 
@@ -1725,20 +1775,20 @@ { "role-id": "prepared-by", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] }, { "role-id": "prepared-for", "party-uuids": [ - "a733c127-9ebb-46cf-9721-00b5f5497dfa", - "eaff49fd-268f-4111-a47a-7c76c0e78215" + "a6391df5-29ca-4208-ba6a-33066e224014", + "d9e832b3-7845-4186-9ed0-4dcddbe749c6" ] }, { "role-id": "content-approver", "party-uuids": [ - "38cada78-a368-4cc1-8771-66f1f8ccd5ad" + "96ce0583-4030-437d-9ceb-d7472aafc75e" ] } ]