Closed CyberSecDef closed 4 years ago
CyberSecDef
commented
4 years ago For changes above, use the following verbiage.
CCI-000366
This vulnerability was originally mapped to CCI-000213: AC-3.1. However, this CCI/AP is inherited by [COMMAND] [PACKAGE TITLE], emass ID 12345. Therefore it is being mapped to CCI-000366 CM-6.5 by default
CyberSecDef
commented
4 years ago Saved sample png on local dev machine
CyberSecDef
commented
4 years ago Options:
Process as normal
CCI/AP processed like all others. Verbiage comes from scans and internal data tables.
If the CCI is linked to a control that is inherited or not in the package, add it marked as completed
CCI-000213: AC-3.1
This CCI/AP is inherited by [COMMAND] [PACKAGE TITLE], emass ID 12345.
Therefore it is being marked as completed by default.
- OR -
CCI-000213: AC-3.1
This CCI/AP is not part of the [PACKAGE] baseline.
Therefore it is being marked as completed by default.
If the CCI is linked to a control that is inherited or not in the package, change control to CM-6
CCI-000366
This vulnerability was originally mapped to CCI-000213: AC-3.1.
However, this CCI/AP is inherited by [COMMAND] [PACKAGE TITLE], emass ID 12345.
Therefore it is being mapped to CCI-000366 CM-6.5 by default.
- OR -
CCI-000366
This vulnerability was originally mapped to CCI-000213: AC-3.1.
However, this CCI/AP is not part of the [PACKAGE] baseline.
Therefore it is being mapped to CCI-000366 CM-6.5 by default.
Add an option to also import Test Results or Implementation Plan (eMASS -> Controls -> Import/Export).
Give options to user if the above is imported to: