Merge pull request #1519 from oscal-compass/develop

chore: Trestle release

README.md

@@ -106,38 +106,35 @@ A collection of demos utilizing trestle can be found in the related project [com
 
 Compliance trestle is currently stable and is based on NIST OSCAL version 1.0.4, with active development continuing.
 
-## Community call
+## Community meetings and communications
 
-We would like to share development in progress for compliance trestle, coming soon and get feedback from community on what features would they like to see in compliance trestle.\
-The community call will happen every 2 week(s) on Tuesday at 10.00am EST.\
-Meeting information:
+##### Scheduled meetings
 
-```
-Compliance Trestle Community Call
-
-Join from the meeting link
-https://ibm.webex.com/ibm/j.php?MTID=m030fdef5ac2d09f46f04813bb5e9dc6b
-Tuesday, September 5, 2023 10:00 AM | 30 minutes | (UTC-04:00) Eastern Time (US & Canada)
-Occurs every 2 week(s) on Tuesday effective 9/5/2023 from 10:00 AM to 10:30 AM, (UTC-04:00) Eastern Time (US & Canada)
- 
-Join by meeting number
-Meeting number (access code): 146 967 4515
- 
-Tap to join from a mobile device (attendees only)
-1-844-531-0958,,1469674515#43533276# United States Toll Free
-+1-669-234-1178,,1469674515#43533276# United States Toll
-Some mobile devices may ask attendees to enter a numeric password.
- 
-Join by phone
-1-844-531-0958 United States Toll Free
-1-669-234-1178 United States Toll
-Global call-in numbers  |  Toll-free calling restrictions
- 
-Join from a video system or application
-Dial [email protected]
-You can also dial 173.243.2.68 and enter your meeting number.
+Please attend! All are invited.
 
-```
+**When**: Every other Tuesday at 10:00 ET [convert to your local time](https://dateful.com/convert/est-edt-eastern-time)
+
+To discover the actual meeting dates:
+
+- Go to [Google Calendar](https://calendar.google.com/calendar/u/0/[email protected]&ctz=America/Los_Angeles)
+- Look at entries in `Tue` day of week for *Compliance Trestle Community Call*
+- To add to your calendar, `click` on `Compliance Trestle Community Call` and choose `copy to my calendar`
+
+**Where**: [https://zoom.us/j/92729235315](https://zoom.us/j/92729235315)
+
+- Meeting Id: 927 2923 5315
+
+- Passcode: 233140
+
+- **Note**: Use the passcode above to login to Zoom (or you can login to Zoom using another account like Google, Facebook)
+
+**What**: Meeting agenda and notes [Google Docs](https://docs.google.com/document/d/1z9xvt-Z97j4CtEH1-nR9sMWul7jQkUi_fNY7BdMPgxM/edit#heading=h.nohkp1kbeduj)
+
+##### Chat anytime
+
+Slack: [# compliance-grc](https://cloud-native.slack.com/archives/C066TMUBEL8)
+
+- **Note**: You can login to Slack using another account like Google, Apple
 
 ## Contributing to Trestle
 

setup.cfg

@@ -28,7 +28,7 @@ include_package_data = True
 install_requires =
     attrs
     ilcli
-    cryptography==41.0.6
+    cryptography==42.0.0
     paramiko==3.4.0
     ruamel.yaml
     furl

tests/data/csv/bp.sample.v4.csv

@@ -0,0 +1,12 @@
+Reference_Id,Rule_Id,Rule_Description,Check_Id,Check_Description,Fetcher,Fetcher_Description,Profile_Source,Profile_Description,Component_Type,Control_Id_List,Component_Title,Component_Description,Parameter_Id,Parameter_Description,Parameter_Value_Default,Parameter_Value_Alternatives,Parameter_Id2,Parameter_Description2,Parameter_Value_Default2,Parameter_Value_Alternatives2,Namespace
+column description,column description,column description,,,,,,,,,,,,,,,,,,,
+3000020,account_owner_authorized_ip_range_configured,Ensure authorized IP ranges are configured by the account owner,account_owner_authorized_ip_range_configured,Check whether authorized IP ranges are configured by the account owner,,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,sc-7_smt.a sc-7_smt.b sc-7.3 sc-7.4_smt.a sc-7.5 ia-3,IAM,IAM,,,,,,,,,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd
+3000021,iam_admin_role_users_per_account_maxcount,Ensure there are no more than # IAM administrators configured per account,iam_admin_role_users_per_account_maxcount,Check whether there are no more than # IAM administrators configured per account,,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,ac-6 ac-5_smt.c,IAM,IAM,allowed_admins_per_account,Maximum allowed administrators per,10,10,allowed_admins_per_account2,Maximum allowed administrators per2,20,20,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd
+3000022,iam_cos_public_access_disabled,Ensure Cloud Object Storage public access is disabled in IAM settings (not applicable to ACLs managed using S3 APIs),iam_cos_public_access_disabled,Check whether Cloud Object Storage public access is disabled in IAM settings (not applicable to ACLs managed using S3 APIs),,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,ac-3 ac-4 ac-6 sc-7_smt.a sc-7_smt.b sc-7.4_smt.a ac-14_smt.a cm-7_smt.a cm-7_smt.b,IAM,IAM,,,,,,,,,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd
+3000023,iam_account_owner_no_api_key,Ensure the account owner does not have an IBM Cloud API key created in IAM,iam_account_owner_no_api_key,Check whether the account owner does not have an IBM Cloud API key created in IAM,,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,ac-2_smt.d ac-3 ac-5_smt.c ac-6,IAM,IAM,,,,,,,,,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd
+3000024,iam_api_keys_rotation_configured,Ensure IBM Cloud API keys that are managed in IAM are rotated at least every # days,iam_api_keys_rotation_configured,Check whether IBM Cloud API keys that are managed in IAM are rotated at least every # days,,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,ia-5_smt.g,IAM,IAM,api_keys_rotated_days,API Keys Rotated,"x, y, z",,api_keys_rotated_days2,API Keys Rotated2,"r, s, t",,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd
+3000027,iam_account_owner_api_key_restrictions_configured,Ensure permissions for API key creation are limited and configured in IAM settings for the account owner,iam_account_owner_api_key_restrictions_configured,Check whether permissions for API key creation are limited and configured in IAM settings for the account owner,,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,ac-2_smt.d ac-3 ac-5_smt.c ac-6,IAM,IAM,,,,,,,,,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd
+3000029,iam_admin_role__user_maxcount,Ensure IAM-enabled services have no more than # users with the IAM administrator role,iam_admin_role__user_maxcount,Check whether IAM-enabled services have no more than # users with the IAM administrator role,,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,ac-6 ac-5_smt.c ia-7,IAM,IAM,no_of_admins_for_iam,Maximum no of IAM user,"a, b, c",,no_of_admins_for_iam2,Maximum no of IAM user2,"d, e, f",,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd
+3000030,iam_serviceID_policies_attached_to_access_groups_or_roles,Ensure IAM policies for service IDs are attached only to groups or roles,iam_serviceID_policies_attached_to_access_groups_or_roles,Check whether IAM policies for service IDs are attached only to groups or roles,,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,ac-3 ac-6 ac-2_smt.d ac-5_smt.c ia-7,IAM,IAM,,,,,,,,,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd
+3000031,iam_logDNA_enabled,Ensure Identity and Access Management (IAM) is enabled with audit logging,iam_logDNA_enabled,Check whether Identity and Access Management (IAM) is enabled with audit logging,,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,au-2_smt.a au-2_smt.d si-4_smt.a si-4_smt.b si-4_smt.c au-12_smt.a au-12_smt.b au-12_smt.c au-3 au-8_smt.a au-8_smt.b au-8.1_smt.a au-8.1_smt.b ca-7_smt.d,IAM,IAM,,,,,,,,,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd
+3000032,iam_admin_role_serviceid_maxcount,Ensure IAM-enabled services have no more than # service IDs with the IAM administrator role,iam_admin_role_serviceid_maxcount,Check whether IAM-enabled services have no more than # service IDs with the IAM administrator role,,,https://github.com/usnistgov/oscal-content/blob/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json,NIST Special Publication 800-53 Revision 5 HIGH IMPACT BASELINE,Service,ac-6 ac-5_smt.c ia-7,IAM,IAM,no_of_service_id_admins_for_iam,Maximum no of IAM Service ID,"3, 4, 5",,no_of_service_id_admins_for_iam2,Maximum no of IAM Service ID2,"10, 11, 12",,http://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd